Opinio@* Security Vulnerabilities and Issues — Opinio@* CVE List

Lucene search

ObjectplanetOpinio*

4 matches found

CVE•added 2021/07/31 5:15 p.m.•112 views

CVE-2020-26564

ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have

6.5CVSS6.7AI score0.00191EPSS

CVE•added 2021/07/31 5:15 p.m.•102 views

CVE-2020-26565

ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.

7.5CVSS7.6AI score0.00662EPSS

CVE•added 2021/07/31 5:15 p.m.•96 views

CVE-2020-26806

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.

8.8CVSS8.9AI score0.05031EPSS

CVE•added 2021/07/30 3:15 p.m.•69 views

CVE-2020-26563

ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)

6.1CVSS5.9AI score0.00463EPSS