Security Vulnerabilities
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.
This issue was fixed in version 1.55.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-20
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page.
This issue was fixed in version 1.55.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-20
SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages.
This issue was fixed in version 1.55.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-20
IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-11-20
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-20
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-20
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-20
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-20
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-20
phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-20