Objectplanet
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10798 | Med | 0.40 | 6.1 | 0.00 | Jul 3, 2017 | In ObjectPlanet Opinio before 7.6.4, there is XSS. | ||
| CVE-2025-13873 | 0.00 | — | 0.00 | Dec 2, 2025 | Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey. | |||
| CVE-2025-13872 | 0.00 | — | 0.00 | Dec 2, 2025 | Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination. | |||
| CVE-2025-13871 | 0.00 | — | 0.00 | Dec 2, 2025 | Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication. |
- risk 0.40cvss 6.1epss 0.00
In ObjectPlanet Opinio before 7.6.4, there is XSS.
- CVE-2025-13873Dec 2, 2025risk 0.00cvss —epss 0.00
Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.
- CVE-2025-13872Dec 2, 2025risk 0.00cvss —epss 0.00
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination.
- CVE-2025-13871Dec 2, 2025risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication.