77 matches found
CVE-2025-13873
Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...
CVE-2025-13873
Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...
CVE-2025-13871
Cross-Site Request Forgery CSRF in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication...
CVE-2025-13871
Cross-Site Request Forgery CSRF in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication...
CVE-2025-13872
Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...
CVE-2025-13872
Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...
EUVD-2025-200215
Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...
CVE-2025-13873 The feature to import a survey is prone to stored Cross-Site Script attacks
Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...
CVE-2025-13873 The feature to import a survey is prone to stored Cross-Site Script attacks
Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...
CVE-2025-13872 Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio
Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...
CVE-2025-13872 Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio
Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...
EUVD-2025-200216
Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...
CVE-2025-13872
CVE-2025-13872 affects ObjectPlanet Opinio 7.26 rev12562. The survey-import feature is vulnerable to Blind Server-Side Request Forgery (SSRF), allowing an attacker to force the server to issue HTTP GET requests to an arbitrary destination. Public details in the connected sources confirm the affec...
CVE-2025-13871 The feature to manage resources is prone to Cross-Site Request Forgery attacks
Cross-Site Request Forgery CSRF in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication...
CVE-2025-13871 The feature to manage resources is prone to Cross-Site Request Forgery attacks
Cross-Site Request Forgery CSRF in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication...
EUVD-2025-200217
Cross-Site Request Forgery CSRF in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication...
ObjectPlanet Opinio 安全漏洞
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio version 7.26 rev12562, which stems from the presence of stored cross-site scripting in the survey import function, which could allow an attacker to inject arbitrary...
PT-2025-48659
Name of the Vulnerable Software and Affected Versions ObjectPlanet Opinio versions 7.26 rev12562 Description A flaw exists in the survey-import feature that allows an attacker to force the server to make HTTP GET requests to an arbitrary destination through crafted import requests. This is a Blin...
PT-2025-48660
Name of the Vulnerable Software and Affected Versions ObjectPlanet Opinio versions 7.26 rev12562 Description A stored Cross-Site Scripting XSS issue exists in the survey-import feature of the web application. This allows an attacker to inject arbitrary JavaScript code that will execute within the...
PT-2025-48658
Name of the Vulnerable Software and Affected Versions ObjectPlanet Opinio version 7.26 rev12562 Description A Cross-Site Request Forgery CSRF issue exists in the resource-management feature. This allows an attacker to upload files on behalf of connected users and then access those files without...