CVE-2025-13873 – The feature to import a survey is prone to stored Cross-Site Script attacks

CVE ID : CVE-2025-13873

Published : Dec. 2, 2025, 9:56 a.m. | 29 minutes ago

Description : Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…