Lucene search
K
ObjectplanetOpinio

9 matches found

CVE
CVE
added 2021/07/31 4:28 p.m.128 views

CVE-2020-26564

ObjectPlanet Opinio is affected by XXE in versions before 7.15. The vulnerability arises from a sequence where an attacker modifies a CSS file to include an ENTITY, creates an XML that references that CSS, and imports the XML via the survey admin interface, enabling an XXE that can be triggered d...

6.5CVSS6.7AI score0.01121EPSS
Web
CVE
CVE
added 2021/07/31 4:43 p.m.116 views

CVE-2020-26565

ObjectPlanet Opinio before 7.14 is vulnerable to an Expression Language Injection via the admin/permissionList.do parameter, allowing retrieval of potentially sensitive serverInfo data. The issue affects Opinio versions prior to 7.14; remediation is upgrading to 7.14 or later. PoCs and public wri...

7.5CVSS7.6AI score0.01724EPSS
Web
CVE
CVE
added 2021/07/31 4:13 p.m.112 views

CVE-2020-26806

ObjectPlanet Opinio is affected by CVE-2020-26806 in versions before 7.15. The vulnerability allows Unrestricted File Upload of executable JSP files via admin/file.do, enabling remote code execution because filePath can be traversed and fileContent can contain JSP. The issue is demonstrated as an...

8.8CVSS8.9AI score0.05967EPSS
Web
CVE
CVE
added 2021/07/30 2:52 a.m.81 views

CVE-2020-26563

ObjectPlanet Opinio before 7.14 is vulnerable to reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string, with stored XSS if inputs to survey/admin/*.do come from untrusted users. Affected versions are prior to 7.14; a fix/patch was provided by ObjectPlanet (referenc...

6.1CVSS5.9AI score0.00984EPSS
Web
CVE
CVE
added 2024/02/01 10:11 p.m.73 views

CVE-2023-4472

Objectplanet Opinio 7.22 and earlier are affected by a cryptographically weak PRNG with a predictable seed, enabling unauthenticated takeover of any user’s account. Root cause: weak PRNG in Opinio’s code path. Impact: high confidentiality, integrity, and availability risk via network attack; no u...

9.8CVSS9.3AI score0.00621EPSS
CVE
CVE
added 2017/07/03 3:0 a.m.58 views

CVE-2017-10798

ObjectPlanet Opinio vulnerable to a reflected XSS in versions up to 7.6.3, fixed in 7.6.4. The issue affects the /admin/reportPortal.do page via the userLanguage GET parameter, exploitable by remote unauthenticated users. Proof-of-concept shows a crafted input can trigger script execution; upgrad...

6.1CVSS6.3AI score0.00635EPSS
Web
CVE
CVE
added 2025/12/02 9:56 a.m.14 views

CVE-2025-13873

ObjectPlanet Opinio 7.26 rev12562 is affected by a stored Cross-Site Scripting (XSS) in the survey-import feature. The vulnerability arises from the import path, allowing an attacker to inject JavaScript that executes in the browsing context of visitors accessing the compromised survey. No exploi...

5.4CVSS5.2AI score0.0017EPSS
CVE
CVE
added 2025/12/02 9:42 a.m.11 views

CVE-2025-13871

CVE-2025-13871 concerns CSRF in the Resource-Management feature of ObjectPlanet Opinio 7.26 rev12562. The vulnerability allows uploading files on behalf of authenticated users and subsequently accessing those files without authentication. Concrete details across connected sources confirm the affe...

8.8CVSS6.7AI score0.00161EPSS
CVE
CVE
added 2025/12/02 9:51 a.m.11 views

CVE-2025-13872

CVE-2025-13872 affects ObjectPlanet Opinio 7.26 rev12562. The survey-import feature is vulnerable to Blind Server-Side Request Forgery (SSRF), allowing an attacker to force the server to issue HTTP GET requests to an arbitrary destination. Public details in the connected sources confirm the affec...

9.1CVSS6.6AI score0.00267EPSS