exploitDog

CVE-2025-13873

Опубликовано: 02 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

Ссылки

https://www.objectplanet.com/opinio/changelog.html
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:objectplanet:opinio:7.26:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-wr88-5946-rq47

CVSS3: 5.4

github

2 месяца назад

Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

EPSS

Процентиль: 11%

0.00038

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79