Objectplanet: >> Opinio >> 7.26 Security Vulnerabilities
Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-02
Cross-Site Request Forgery (CSRF) in the resource-management feature of
ObjectPlanet Opinio 7.26 rev12562
allows to upload
files on behalf of the connected users and then access such files without authentication.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-12-02
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of
ObjectPlanet Opinio 7.26 rev12562 on
Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests
to an arbitrary destination.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-12-02