CVE-2025-13873

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-13873

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13873.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-13873

Published

2025-12-02T10:16:02.073Z

Modified

2026-03-12T17:37:42.397115Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

References

https://www.objectplanet.com/opinio/changelog.html

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.26"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13873.json"