CVE-2025-62297 – Stored XSS in SOPlanning

CVE ID : CVE-2025-62297

Published : Nov. 20, 2025, 4:15 p.m. | 58 minutes ago

Description : SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page.

This issue was fixed in version 1.55.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…