CVE-2025-13873 MEDIUM

CVE-2025-13873: The feature to import a survey is prone to stored Cross-Site Script attacks

Vendor Objectplanet
Product Opinio
Weakness CWE-79 · XSS
Published December 2, 2025
Last update December 2, 2025

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 2, 2025 Record updated

Related vulnerabilities

04Related CVE