Reflected and Stored XSS Vulnerabilities in ObjectPlanet Opinio before 7.14

Reflected and Stored XSS Vulnerabilities in ObjectPlanet Opinio before 7.14

CVE-2020-26563 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)

Learn more about our User Device Pen Test.