Lucene search
+L

248 matches found

CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

SOPlanning SQL注入漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Version 1.52.00 of SOPlanning contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the projects.php file, and it could be exploited by authenticated users...

6.3CVSS5.8AI score0.00241EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.8 views

CVE-2024-33724

SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...

5.8AI score0.00551EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.6 views

CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

5.9AI score0.00241EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.14 views

SOPlanning 跨站脚本漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Version 1.52.00 of SOPlanning contains a cross-site scripting vulnerability, which stems from the groupeid parameter in the process/groupesave.php file, which exposes a cross-site scripting attack...

5.4CVSS5.6AI score0.00551EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.46 views

SOPlanning 1.52.00 Cross Site Scripting

SOPlanning v1.52.00 is vulnerable to XSS via the 'groupeid' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform. id: CVE-2024-33724 info: name: SOPlanni...

5.4CVSS6.4AI score0.00551EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.6 views

SOPlanning 1.41 SQL Injection

A SQL injection vulnerability exists in SOPlanning version 1.41. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This issue is older research added to the archive...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.5 views

CVE-2025-62294

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time. This issue was fixed in version 1.55...

8.7CVSS6.9AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2025/11/20 4:16 p.m.7 views

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.8CVSS0.00286EPSS
Exploits0References2
OSV
OSV
added 2025/11/20 4:15 p.m.4 views

CVE-2025-62294

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time. This issue was fixed in version 1.55...

7.5CVSS5.8AI score0.00296EPSS
Exploits0References2
NVD
NVD
added 2025/11/20 4:15 p.m.3 views

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

5.4CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/20 3:44 p.m.1 views

CVE-2025-62731 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is able to inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. By default only administrators and users with special privileges...

5.1CVSS5.7AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/20 3:44 p.m.9 views

CVE-2025-62731 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is able to inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. By default only administrators and users with special privileges...

5.1CVSS0.00167EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 3:44 p.m.21 views

CVE-2025-62731

SOPlanning is affected by Stored XSS across multiple endpoints (/feries, /groupe_form, /projets, /taches, /status). An attacker with access to the public holidays feature or with medium privileges can inject HTML/JS that executes in the victim’s browser. Root cause cited is insufficient input san...

5.1CVSS5.4AI score0.00167EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/11/20 3:44 p.m.10 views

CVE-2025-62730 Privilege Escalation via Incorrect Authorization in SOPlanning

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.7CVSS0.00286EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/20 3:44 p.m.4 views

CVE-2025-62730 Privilege Escalation via Incorrect Authorization in SOPlanning

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...

8.7CVSS6.2AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 3:44 p.m.15 views

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation via the user management tab. A user with the user_manage_team role can modify permissions and assign administrative rights to any user, including themselves, enabling escalation to admin. The issue affects both Bulk Update and standard user-right e...

8.8CVSS6.2AI score0.00286EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/20 3:43 p.m.2 views

CVE-2025-62729 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...

5.1CVSS5.4AI score0.00164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/20 3:43 p.m.2 views

CVE-2025-62296 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

5.1CVSS5.4AI score0.00164EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 3:43 p.m.18 views

CVE-2025-62296

SOPlanning is vulnerable to Stored XSS in the /taches endpoint. A malicious user with medium privileges can inject HTML/JS that is rendered when opening the editor. The issue has a fixed patch in version 1.55. No exploit details are provided beyond the public vulnerability description in the conn...

5.4CVSS5.4AI score0.00164EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/11/20 3:43 p.m.12 views

CVE-2025-62295 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

5.1CVSS0.00164EPSS
Exploits0References2
Rows per page
Query Builder