CVE-2025-41001

Medium CVSS: 5.1

Cross Site Scripting (XSS) vulnerability stored in SOPlanning v1.53.02, which consist of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'LOGOUT_REDIRECT' parameter in '/soplanning/www/process/options.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

Vendor

Soplanning

Product

Soplanning

CWE

CWE-79

Yayın Tarihi

2025-11-10 10:15:35

Güncelleme

2025-11-21 21:17:53

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-79 Soplanning MEDIUM Soplanning 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-soplanning

Benzer Kayıtlar

High

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to…

Medium

CVE-2025-62731

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is…

Medium

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Statu…

High

CVE-2025-62294

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recov…

Medium

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject ar…

Medium

CVE-2025-62296

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitra…