Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 20, 2025
Stored XSS in SOPlanning
CVE-2025-62297
Description
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page.
This issue was fixed in version 1.55.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.55+ 1 more
- (no CPE)range: <1.55
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
2- cert.pl/en/posts/2025/11/CVE-2025-62293mitrethird-party-advisory
- www.soplanning.org/en/mitreproduct
News mentions
0No linked articles in our index yet.