
4 matches found

RedhatCVE
added 2025/11/21 3:43 p.m., 4 views

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

CVSS 5.4 | AI score 6.7 | EPSS 0.00034
Exploits: 0 | References: 1
CVE
added 2025/11/20 3:43 p.m., 9 views

CVE-2025-62293

SOPlanning is affected by Broken Access Control in the /status endpoint due to missing permission checks in Project Status functionality. An authenticated attacker can add, edit, or delete statuses. A fix is available in version 1.55. The CVE-entry is supported by Red Hat and EU vulnerability ref...

CVSS 5.4 | AI score 6 | EPSS 0.00034
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/11/20 3:43 p.m., 7 views

CVE-2025-62293 Broken Access Control in SOPlanning

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

CVSS 5.3 | EPSS 0.00034
Exploits: 0 | References: 2
Prion
added 2015/01/13 11:59 a.m., 7 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, or (3) notes parameter to the client page; (4) insuname or (5) price parameter to the addinsurancecat page; or (6) status parameter to the...

CVSS 4.3 | AI score 6.1 | EPSS 0.02882
Exploits: 2 | References: 4 | Affected Software: 1