65 matches found
CVE-2020-26563
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. There is also stored XSS if input to survey/admin/.do is accepted from untrusted users...
Cross site scripting
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. There is also stored XSS if input to survey/admin/.do is accepted from untrusted users...
CVE-2020-26563
ObjectPlanet Opinio before 7.14 is vulnerable to reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string, with stored XSS if inputs to survey/admin/*.do come from untrusted users. Affected versions are prior to 7.14; a fix/patch was provided by ObjectPlanet (referenc...
CVE-2020-26563
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. There is also stored XSS if input to survey/admin/.do is accepted from untrusted users...
ObjectPlanet Opinio 代码问题漏洞
ObjectPlanet Opinio is an online survey system from the Norwegian company ObjectPlanet. A security vulnerability exists in ObjectPlanet Opinio versions prior to 7.15, which stems from the program allowing unlimited file uploads of executable JSP files, leading to remote code execution...
ObjectPlanet Opinio 代码问题漏洞
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A code issue vulnerability exists in ObjectPlanet Opinio versions prior to 7.15, which stems from a program that allows XXE attacks by modifying a css file and importing this .xml file in the survey administration folder...
ObjectPlanet Opinio 7.13 Expression Language Injection Vulnerability
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26565 Exploit Title: ObjectPlanet Opinio version 7.13 allows expression language injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors:...
ObjectPlanet Opinio 7.13 / 7.14 XML Injection
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26564 Exploit Title: ObjectPlanet Opinio version 7.13/7.14 allows XXE injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timothy Tan ...
ObjectPlanet Opinio 7.13 Shell Upload Vulnerability
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26806 Exploit Title: ObjectPlanet Opinio version 7.13 allows unrestricted file upload Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timoth...
ObjectPlanet Opinio 7.13 Shell Upload
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26806 Exploit Title: ObjectPlanet Opinio version 7.13 allows unrestricted file upload Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timoth...
ObjectPlanet Opinio 7.13 / 7.14 XML Injection Vulnerability
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26564 Exploit Title: ObjectPlanet Opinio version 7.13/7.14 allows XXE injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timothy Tan ...
ObjectPlanet Opinio 安全漏洞
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio versions prior to 7.14, which stems from the program allowing the injection of expression language via an administrative privilege list, which can be used to retrieve...
ObjectPlanet Opinio 7.13 Expression Language Injection
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26565 Exploit Title: ObjectPlanet Opinio version 7.13 allows expression language injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors:...
ObjectPlanet Opinio 7.12 Cross Site Scripting
Exploit Title: ObjectPlanet Opinio 7.12 allows Cross-Site Scripting Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Ang Kar Min https://www.linkedin.com/in/karmin-ang CVE: CVE-2020-26563 Timeline - September 2019: Initial...
ObjectPlanet Opinio 跨站脚本漏洞
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio versions prior to 7.14. The vulnerability stems from ObjectPlanet opinion prior to 7.14 allowing XSS to be reflected via the...
ObjectPlanet Opinio 7.6.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Vendor: ObjectPlanet Product: Opinio Version: Up to 7.6.3 inclusive Homepage: http://www.objectplanet.com/opinio/ CVE: CVE-2017-10798 Description ================ Reflected XSS vulnerability in ObjectPlanet Opinio up to version 7.6.3...
ObjectPlanet Opinio 7.6.3 Cross Site Scripting
Vendor: ObjectPlanet Product: Opinio Version: Up to 7.6.3 inclusive Homepage: http://www.objectplanet.com/opinio/ CVE: CVE-2017-10798 Description ================ Reflected XSS vulnerability in ObjectPlanet Opinio up to version 7.6.3. Vulnerability ================ The /admin/reportPortal.do page...
Cross site scripting
In ObjectPlanet Opinio before 7.6.4, there is XSS...
CVE-2017-10798
In ObjectPlanet Opinio before 7.6.4, there is XSS...
CVE-2017-10798
In ObjectPlanet Opinio before 7.6.4, there is XSS...