Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 20, 2025
Stored XSS in SOPlanning
CVE-2025-62297
Description
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page.
This issue was fixed in version 1.55.
Affected products
1- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- cert.pl/en/posts/2025/11/CVE-2025-62293mitrethird-party-advisory
- www.soplanning.org/en/mitreproduct
News mentions
0No linked articles in our index yet.