Lucene search
K

17 matches found

NVD
NVD
added 2025/12/02 10:16 a.m.11 views

CVE-2025-13873

Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

5.4CVSS0.0017EPSS
Exploits0References1
OSV
OSV
added 2025/12/02 10:16 a.m.3 views

CVE-2025-13873

Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

5.4CVSS5.9AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 10:16 a.m.8 views

CVE-2025-13872

Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

9.1CVSS0.00267EPSS
Exploits0References1
OSV
OSV
added 2025/12/02 10:16 a.m.4 views

CVE-2025-13872

Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

9.1CVSS5.9AI score0.00267EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 9:56 a.m.12 views

CVE-2025-13873

ObjectPlanet Opinio 7.26 rev12562 is affected by a stored Cross-Site Scripting (XSS) in the survey-import feature. The vulnerability arises from the import path, allowing an attacker to inject JavaScript that executes in the browsing context of visitors accessing the compromised survey. No exploi...

5.4CVSS5.2AI score0.0017EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/02 9:56 a.m.4 views

EUVD-2025-200215

Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

4.8CVSS5.1AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/02 9:56 a.m.8 views

CVE-2025-13873 The feature to import a survey is prone to stored Cross-Site Script attacks

Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

4.8CVSS0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 9:56 a.m.3 views

CVE-2025-13873 The feature to import a survey is prone to stored Cross-Site Script attacks

Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...

4.8CVSS5.2AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 9:51 a.m.11 views

CVE-2025-13872

CVE-2025-13872 affects ObjectPlanet Opinio 7.26 rev12562. The survey-import feature is vulnerable to Blind Server-Side Request Forgery (SSRF), allowing an attacker to force the server to issue HTTP GET requests to an arbitrary destination. Public details in the connected sources confirm the affec...

9.1CVSS6.6AI score0.00267EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/02 9:51 a.m.9 views

CVE-2025-13872 Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio

Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

2.1CVSS6.6AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 9:51 a.m.15 views

CVE-2025-13872 Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio

Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

2.1CVSS0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/02 9:51 a.m.3 views

EUVD-2025-200216

Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

2.1CVSS6.5AI score0.00267EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.6 views

ObjectPlanet Opinio 安全漏洞

ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio version 7.26 rev12562, which stems from the presence of stored cross-site scripting in the survey import function, which could allow an attacker to inject arbitrary...

5.4CVSS6AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.4 views

ObjectPlanet Opinio 安全漏洞

ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio version 7.26 rev12562, which stems from a blind server-side request forgery in the survey import feature that could cause the server to execute an arbitrary HTTP GET...

9.1CVSS7.1AI score0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.6 views

PT-2025-48660

Name of the Vulnerable Software and Affected Versions ObjectPlanet Opinio versions 7.26 rev12562 Description A stored Cross-Site Scripting XSS issue exists in the survey-import feature of the web application. This allows an attacker to inject arbitrary JavaScript code that will execute within the...

5.4CVSS5.8AI score0.0017EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.18 views

CVE-2020-26564

ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have !ENTITY content, create a .xml file for a generic survey template containing a link to this .css file, and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey'importFile'...

6.5CVSS6.8AI score0.01121EPSS
Exploits5
OSV
OSV
added 2021/07/31 5:15 p.m.5 views

CVE-2020-26564

ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have !ENTITY content, create a .xml file for a generic survey template containing a link to this .css file, and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey'importFile'...

6.5CVSS5.8AI score0.01121EPSS
Exploits5References2
Rows per page
Query Builder