Vulnerabilities > Soplanning

DATE CVE VULNERABILITY TITLE RISK
2020-08-11 CVE-2020-15597 Cross-site Scripting vulnerability in Soplanning
SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field.
network
low complexity
soplanning CWE-79
5.4
2020-02-22 CVE-2020-9339 Cross-site Scripting vulnerability in Soplanning 1.45
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
network
low complexity
soplanning CWE-79
5.4
2020-02-22 CVE-2020-9338 Cross-site Scripting vulnerability in Soplanning 1.45
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
network
low complexity
soplanning CWE-79
5.4
2020-02-18 CVE-2020-9269 SQL Injection vulnerability in Soplanning 1.45
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
network
low complexity
soplanning CWE-89
7.2
2020-02-18 CVE-2020-9268 SQL Injection vulnerability in Soplanning 1.45
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
network
low complexity
soplanning CWE-89
7.5
2020-02-18 CVE-2020-9267 Cross-Site Request Forgery (CSRF) vulnerability in Soplanning 1.45
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
network
low complexity
soplanning CWE-352
6.5
2020-02-18 CVE-2020-9266 Cross-Site Request Forgery (CSRF) vulnerability in Soplanning 1.45
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
network
low complexity
soplanning CWE-352
6.5
2020-01-09 CVE-2019-20179 SQL Injection vulnerability in Soplanning
SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter.
network
low complexity
soplanning CWE-89
8.8
2020-01-07 CVE-2014-8673 SQL Injection vulnerability in Soplanning
Multiple SQL injection vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPlanning) before 1.33.
network
low complexity
soplanning CWE-89
critical
9.8
2020-01-06 CVE-2014-8674 Cross-site Scripting vulnerability in Soplanning
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
network
low complexity
soplanning CWE-79
5.4