Soplanning

11 CVEs product


CVE-2025-62731 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD | CVSS 4.0: 5.1 | EPSS: 0.0%
CVE-2025-62730 HIGH This Month

SOPlanning is vulnerable to Privilege Escalation in user management tab. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Soplanning
NVD | CVSS 4.0: 8.7 | EPSS: 0.1%
CVE-2025-62729 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /status endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD | CVSS 4.0: 5.1 | EPSS: 0.1%
CVE-2025-62297 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /projets endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD | CVSS 4.0: 5.1 | EPSS: 0.1%
CVE-2025-62296 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD | CVSS 4.0: 5.1 | EPSS: 0.1%
CVE-2025-62295 MEDIUM This Month

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Soplanning
NVD | CVSS 4.0: 5.1 | EPSS: 0.1%
CVE-2025-62294 HIGH This Month

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Soplanning
NVD | CVSS 4.0: 8.7 | EPSS: 0.1%
CVE-2025-62293 MEDIUM This Month

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Soplanning
NVD | CVSS 4.0: 5.3 | EPSS: 0.0%
CVE-2025-41001 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in SOPlanning v1.53.02, which consists of a stored XSS due to a lack of proper validation of user input by sending a POST request using the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Soplanning
NVD | CVSS 4.0: 5.1 | EPSS: 0.1%
CVE-2024-57170 MEDIUM POC This Month

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Denial Of Service Soplanning
NVD | CVSS 3.1: 6.5 | EPSS: 0.5%
CVE-2024-57169 CRITICAL POC Act Now

A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Soplanning
NVD | CVSS 3.1: 9.8 | EPSS: 1.8%