exploitDog

GHSA-84qf-h2cw-8mc2

Опубликовано: 20 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

CVSS3: 5.4

Описание

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.

This issue was fixed in version 1.55.

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.

This issue was fixed in version 1.55.

Ссылки

EPSS

Процентиль: 10%

0.00034

Низкий

5.1 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-62296

CVSS3: 5.4

nvd

3 месяца назад

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55.

EPSS

Процентиль: 10%

0.00034

Низкий

5.1 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79