15 matches found
CVE-2025-62295
SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
EUVD-2025-198309
SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
EUVD-2025-198307
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page. This issue was fixed in version 1.55...
CVE-2025-62296
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
CVE-2025-62297
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page. This issue was fixed in version 1.55...
CVE-2025-62297 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page. This issue was fixed in version 1.55...
CVE-2025-62296
SOPlanning is vulnerable to Stored XSS in the /taches endpoint. A malicious user with medium privileges can inject HTML/JS that is rendered when opening the editor. The issue has a fixed patch in version 1.55. No exploit details are provided beyond the public vulnerability description in the conn...
CVE-2025-62296 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
CVE-2025-62296 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
CVE-2025-62295
SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. An authenticated attacker with medium privileges can inject arbitrary HTML/JS that is rendered/executed when opening the editor. Root cause: insufficient input validation on the group form storage path. Impact per sources: causes co...
PT-2025-47597
Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Stored Cross-Site Scripting XSS issue in the /projets API endpoint. An attacker with medium privileges can inject arbitrary HTML and JavaScript code into the website...
PT-2025-47595
Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Stored Cross-Site Scripting XSS issue in the /groupe form endpoint. An attacker with medium privileges can inject arbitrary HTML and JavaScript code into the website...
PT-2025-47596
Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Stored Cross-Site Scripting XSS issue within the /taches endpoint. An attacker with medium privileges can inject arbitrary HTML and JavaScript code into the website...
Siemens APOGEE PXC and TALON TC Series Out-of-Bounds Read (CVE-2024-54090)
Affected devices contain an out-of-bounds read in the memory dump function. This could allow an attacker with Medium MED or higher privileges to cause the device to enter an insecure cold start state. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...
PT-2025-6199 · Unknown · Apogee Pxc Series +1
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Series BACnet All versions APOGEE PXC Series P2 Ethernet All versions TALON TC Series BACnet All versions Description: A vulnerability has been identified that contains an out-of-bounds read in the memory dump function. This could...