CVE-2025-13873
The feature to import a survey is prone to stored Cross-Site Script attacks
Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
ObjectPlanet · OpinioQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →