Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/11/21 3:43 p.m.10 views

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

5.4CVSS6AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/20 6:31 p.m.3 views

EUVD-2025-198309

SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

5.3CVSS5.6AI score0.00149EPSS
Exploits0References3
NVD
NVD
added 2025/11/20 4:15 p.m.8 views

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

5.4CVSS0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/20 3:43 p.m.9 views

CVE-2025-62295 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

5.1CVSS0.00143EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/20 3:43 p.m.1 views

CVE-2025-62295 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

5.1CVSS5.7AI score0.00143EPSS
Exploits0References2
CVE
CVE
added 2025/11/20 3:43 p.m.15 views

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. An authenticated attacker with medium privileges can inject arbitrary HTML/JS that is rendered/executed when opening the editor. Root cause: insufficient input validation on the group form storage path. Impact per sources: causes co...

5.4CVSS5.4AI score0.00143EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.3 views

SOPlanning 跨站脚本漏洞

SOPlanning is a suite of online project management software from SOPlanning, Inc. A cross-site scripting vulnerability exists in SOPlanning versions prior to 1.55, which stems from the /groupeform endpoint that does not properly clean its inputs, and could lead to stored cross-site scripting...

5.4CVSS5.5AI score0.00149EPSS
Exploits0References2
Rows per page
Query Builder