7 matches found
CVE-2025-62295
SOPlanning is vulnerable to Stored XSS in the /groupeform endpoint. A malicious attacker with medium privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening the editor. This issue was fixed in version 1.55...
EUVD-2025-198309
SOPlanning is vulnerable to Stored XSS in the /groupeform endpoint. A malicious attacker with medium privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening the editor. This issue was fixed in version 1.55...
CVE-2025-62295
SOPlanning is vulnerable to Stored XSS in the /groupeform endpoint. A malicious attacker with medium privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening the editor. This issue was fixed in version 1.55...
CVE-2025-62295 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in the /groupeform endpoint. A malicious attacker with medium privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening the editor. This issue was fixed in version 1.55...
CVE-2025-62295 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in the /groupeform endpoint. A malicious attacker with medium privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening the editor. This issue was fixed in version 1.55...
CVE-2025-62295
SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. An authenticated attacker with medium privileges can inject arbitrary HTML/JS that is rendered/executed when opening the editor. Root cause: insufficient input validation on the group form storage path. Impact per sources: causes co...
SOPlanning Cross-Site Scripting Vulnerability
SOPlanning is a suite of online project management software from SOPlanning, Inc. A cross-site scripting vulnerability exists in SOPlanning versions prior to 1.55, which stems from the /groupeform endpoint that does not properly clean its inputs, and could lead to stored cross-site scripting...