SOPlanning 1.45 allows XSS via the “Your SoPlanning url” field.
Recent assessments:
horshark at March 09, 2020 8:34pm UTC reported:
Not a lot of information provided for this CVE.
However, this is a javascript code execution in Your SoPlanning Url field which you can find in Global Settings leading to a stored XSS meaning that execution does not require user interaction.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5