Vulnerabilities > Soplanning > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-07 | CVE-2024-9571 | Cross-site Scripting vulnerability in Soplanning Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. | 5.4 |
| 2024-10-07 | CVE-2024-9572 | Cross-site Scripting vulnerability in Soplanning Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. | 5.4 |
| 2024-10-07 | CVE-2024-9573 | SQL Injection vulnerability in Soplanning SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. | 6.5 |
| 2024-10-07 | CVE-2024-9574 | SQL Injection vulnerability in Soplanning SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | 6.5 |
| 2020-10-07 | CVE-2020-25867 | Improper Authentication vulnerability in Soplanning SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. | 5.3 |
| 2020-08-11 | CVE-2020-15597 | Cross-site Scripting vulnerability in Soplanning SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. | 5.4 |
| 2020-02-22 | CVE-2020-9339 | Cross-site Scripting vulnerability in Soplanning 1.45 SOPlanning 1.45 allows XSS via the Name or Comment to status.php. | 5.4 |
| 2020-02-22 | CVE-2020-9338 | Cross-site Scripting vulnerability in Soplanning 1.45 SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. | 5.4 |
| 2020-02-18 | CVE-2020-9267 | Cross-Site Request Forgery (CSRF) vulnerability in Soplanning 1.45 SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. | 6.5 |
| 2020-02-18 | CVE-2020-9266 | Cross-Site Request Forgery (CSRF) vulnerability in Soplanning 1.45 SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. | 6.5 |