Lucene search

Opinio Security Vulnerabilities

cve

CVE-2023-4472

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the...

9.8CVSS

7.2AI Score

0.001EPSS

2024-02-01 10:15 PM

cve

CVE-2020-26564

ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to...

6.5CVSS

6.9AI Score

0.001EPSS

2021-07-31 05:15 PM

cve

CVE-2020-26565

ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo...

7.5CVSS

7.6AI Score

0.005EPSS

2021-07-31 05:15 PM

cve

CVE-2020-26806

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP...

8.8CVSS

8.9AI Score

0.004EPSS

2021-07-31 05:15 PM

cve

CVE-2020-26563

ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted...

6.1CVSS

5.5AI Score

0.003EPSS

2021-07-30 03:15 PM

cve

CVE-2017-10798

In ObjectPlanet Opinio before 7.6.4, there is...

6.1CVSS

6.8AI Score

0.001EPSS

2017-07-03 03:29 AM