Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 2, 2025

The feature to import a survey is prone to stored Cross-Site Script attacks

CVE-2025-13873

Description

Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

Affected products

Objectplanet/Opiniollm-fuzzy
Range: = 7.26 rev12562
ObjectPlanet/Opiniov5
Range: 7.26 rev12562

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.objectplanet.com/opinio/changelog.htmlmitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000