CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-41001

Cross Site Scripting (XSS) vulnerability stored in SOPlanning v1.53.02, which consist of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'LOGOUT_REDIRECT' parameter in '/soplanning/www/process/options.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.3%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-soplanning

Products affected by CVE-2025-41001

Soplanning » Soplanning » Version: 1.53.02

cpe:2.3:a:soplanning:soplanning:1.53.02

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-41001

Products

Pricing

Contact Us