CVE-2025-62729

Medium CVSS: 5.1

SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages.

This issue was fixed in version 1.55.

Vendor

Soplanning

Product

Soplanning

CWE

CWE-79

Yayın Tarihi

2025-11-20 16:15:59

Güncelleme

2025-11-24 13:52:24

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-79 Soplanning MEDIUM Soplanning 2025

Referanslar

https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/

Benzer Kayıtlar

High

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to…

Medium

CVE-2025-62731

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is…

Medium

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Statu…

High

CVE-2025-62294

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recov…

Medium

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject ar…

Medium

CVE-2025-62296

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitra…