2 matches found
CVE-2026-40549
SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...
PT-2024-7161 · Unknown · Soplanning
Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.45 Description: The issue is a Cross-Site Scripting XSS vulnerability due to the lack of proper validation of user input. This could allow a remote user to send a specially crafted query to an authenticated user...