Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 21, 2025
Stored XSS in SOPlanning
CVE-2025-62731
Description
SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is able to inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. By default only administrators and users with special privileges are able to access this endpoint.
This issue was fixed in version 1.55.
Affected products
1- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- cert.pl/en/posts/2025/11/CVE-2025-62293mitrethird-party-advisory
- www.soplanning.org/en/mitreproduct
News mentions
0No linked articles in our index yet.