216.73.216.133

CVE-2025-13873

· Published 02/12/2025 10:16 · Modified 04/12/2025 17:49

Labels: CVE-2025-13873 2025-12-0264c5ae8f-7972-4697-86a0-7ada793ac795CVE-2025-13873CWE-79

Essential information

Published
02/12/2025 10:16
Modified
04/12/2025 17:49
Author
Creator
CVSS
4.8 MEDIUM (v3) 4.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
64c5ae8f-7972-4697-86a0-7ada793ac795
NVD
View on NVD

Affected products (CPE)

ProductCPE
objectplanet / opinio cpe:2.3:a:objectplanet:opinio:7.26:*:*:*:*:*:*:*

References