CVE-2025-62731

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-62731

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62731.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-62731

Published

2025-11-20T16:16:00.363Z

Modified

2026-03-13T03:40:35.160375Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is able to inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. By default only administrators and users with special privileges are able to access this endpoint.

This issue was fixed in version 1.55.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62731.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.55.00"
            }
        ]
    }
]