2 matches found
CVE-2024-33724
SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...
CVE-2024-9572
Cross-Site Scripting XSS vulnerability in SOPlanning 1.45, due to lack of proper validation of user input via /soplanning/www/process/groupesave.php, in the groupeid parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session detail...