Vulnerabilities > Objectplanet

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-4472 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Objectplanet Opinio
Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.
network
low complexity
objectplanet CWE-335
critical
9.8
2021-07-31 CVE-2020-26564 XXE vulnerability in Objectplanet Opinio
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFile'] URI.
network
low complexity
objectplanet CWE-611
6.5
2021-07-31 CVE-2020-26565 Expression Language Injection vulnerability in Objectplanet Opinio
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter.
network
low complexity
objectplanet CWE-917
7.5
2021-07-31 CVE-2020-26806 Path Traversal vulnerability in Objectplanet Opinio
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.
network
low complexity
objectplanet CWE-22
8.8
2021-07-30 CVE-2020-26563 Cross-site Scripting vulnerability in Objectplanet Opinio
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string.
network
low complexity
objectplanet CWE-79
6.1
2017-07-03 CVE-2017-10798 Cross-site Scripting vulnerability in Objectplanet Opinio
In ObjectPlanet Opinio before 7.6.4, there is XSS.
network
low complexity
objectplanet CWE-79
6.1