exploitDog

GHSA-78h9-h7hw-grrr

Опубликовано: 20 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

CVSS3: 5.4

Описание

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.

This issue was fixed in version 1.55.

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.

This issue was fixed in version 1.55.

Ссылки

EPSS

Процентиль: 12%

0.00039

Низкий

5.1 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-62295

CVSS3: 5.4

nvd

3 месяца назад

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55.

EPSS

Процентиль: 12%

0.00039

Низкий

5.1 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79