Vulnerabilities > Soplanning > Soplanning > 1.43
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-07 | CVE-2020-25867 | Improper Authentication vulnerability in Soplanning SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. | 4.3 |
2020-08-11 | CVE-2020-15597 | Cross-site Scripting vulnerability in Soplanning SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. | 3.5 |
2020-01-09 | CVE-2019-20179 | SQL Injection vulnerability in Soplanning SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter. | 8.8 |