CVE-2025-13873
The feature to import a survey is prone to stored Cross-Site Script attacks
Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
ObjectPlanet · Opinio¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →