12 matches found
CVE-2026-40549
SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...
CVE-2026-40549 Cross-Site Request Forgery in SOPlanning
SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...
CVE-2026-40549
SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in the groupe_save create, modify, and delete endpoints. An attacker could induce an authenticated user to issue forged GET or POST requests via a malicious site. Affected version: 1.55 and below. The CVSS metrics indicate low to moder...
CVE-2026-40549
SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
EUVD-2024-31434
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
The vulnerability in the /soplanning/www/process/groupe_save.php component of the SOPlanning CMS system allows a attacker to perform XSS attacks.
The vulnerability of the /soplanning/www/process/groupesave.php component of the SOPlanning CMS system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using the groupeid parameter...
CVE-2024-9572
Cross-Site Scripting XSS vulnerability in SOPlanning 1.45, due to lack of proper validation of user input via /soplanning/www/process/groupesave.php, in the groupeid parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session detail...
PT-2024-7161 · Unknown · Soplanning
Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.45 Description: The issue is a Cross-Site Scripting XSS vulnerability due to the lack of proper validation of user input. This could allow a remote user to send a specially crafted query to an authenticated user...