CVE-2020-9267

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajaxserver.php...

CVE-2020-9266

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajaxserver.php...

The vulnerability in the component soplanning/www/process/xajax_server.php of the SOPlanning CMS system allows a attacker to perform an XSS attack.

The vulnerability of the SOPlanning/www/process/xajaxserver.php component of the SOPlanning CMS system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVE-2024-9571

Cross-Site Scripting XSS vulnerability in SOPlanning 1.45, due to lack of proper validation of user input via /soplanning/www/process/xajaxserver.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take contro...

SOPlanning Cross-Site Request Forgery Vulnerability (CNVD-2020-10484)

SOPlanning is an online planning tool for efficiently organizing projects and tasks. SOPlanning 1.45 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to arbitrarily change the administrator password via process/xajaxserver.php...

SOPlanning Cross-Site Request Forgery Vulnerability

SOPlanning is an online planning tool for efficiently organizing projects and tasks. SOPlanning 1.45 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to create arbitrary users via process/xajaxserver.php...

CVE-2020-9267

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajaxserver.php...