CVE-2025-13873
The feature to import a survey is prone to stored Cross-Site Script attacks
Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
ObjectPlanet · OpinioWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →