VYPR
Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 20, 2025

Stored XSS in SOPlanning

CVE-2025-62296

Description

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.

This issue was fixed in version 1.55.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.