56 matches found
CVE-2026-40549
SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...
CVE-2026-40549 Cross-Site Request Forgery in SOPlanning
SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...
CVE-2026-40549
SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in the groupe_save create, modify, and delete endpoints. An attacker could induce an authenticated user to issue forged GET or POST requests via a malicious site. Affected version: 1.55 and below. The CVSS metrics indicate low to moder...
CVE-2026-40549
SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
EUVD-2024-31434
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
CVE-2025-62295
SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
EUVD-2025-198309
SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
CVE-2025-62295
SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
CVE-2025-62295 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
CVE-2025-62295
SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. An authenticated attacker with medium privileges can inject arbitrary HTML/JS that is rendered/executed when opening the editor. Root cause: insufficient input validation on the group form storage path. Impact per sources: causes co...
CVE-2025-62295 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
SOPlanning 跨站脚本漏洞
SOPlanning is a suite of online project management software from SOPlanning, Inc. A cross-site scripting vulnerability exists in SOPlanning versions prior to 1.55, which stems from the /groupeform endpoint that does not properly clean its inputs, and could lead to stored cross-site scripting...
CVE-2024-9573
SQL injection vulnerability in SOPlanning 1.45, through /soplanning/www/groupelist.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server...
CVE-2024-9572
Cross-Site Scripting XSS vulnerability in SOPlanning 1.45, due to lack of proper validation of user input via /soplanning/www/process/groupesave.php, in the groupeid parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session detail...
PT-2024-39694 · Unknown · Soplanning
Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.45 Description: The issue allows a remote user to send a specially crafted query and extract all the information stored on the server through the /soplanning/www/groupe list.php endpoint, specifically in the by...
PT-2024-7161 · Unknown · Soplanning
Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.45 Description: The issue is a Cross-Site Scripting XSS vulnerability due to the lack of proper validation of user input. This could allow a remote user to send a specially crafted query to an authenticated user...