Filtered by vendor Soplanning
Subscriptions
Filtered by product Soplanning
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15597 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 5.4 Medium |
| SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. | ||||
| CVE-2020-13963 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 9.8 Critical |
| SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). | ||||
| CVE-2019-20179 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 8.8 High |
| SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter. | ||||
| CVE-2014-8674 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 5.4 Medium |
| Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code. | ||||
| CVE-2014-8673 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 9.8 Critical |
| Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33. | ||||