SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
Recent assessments:
horshark at March 09, 2020 8:38pm UTC reported:
Javascript execution.
On the ip/www/status.php page, you can execute Javascript in the name and comment fields.
Assessed Attacker Value: 2
Assessed Attacker Value: 2Assessed Attacker Value: 5