CVE-2025-41001 MEDIUM

CVE-2025-41001: Cross-Site Scripting (XSS) in SOPlanning

Vendor Soplanning
Product SOPlanning
Weakness CWE-79 · XSS
Published November 10, 2025
Last update November 10, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Cross Site Scripting (XSS) vulnerability stored in SOPlanning v1.53.02, which consist of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'LOGOUT_REDIRECT' parameter in '/soplanning/www/process/options.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

Key dates

02Disclosure timeline

November 10, 2025 CVE published
November 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-4201 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab CVE-2024-3166 Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm CVE-2023-45835 WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) CVE-2025-67538 WordPress JNews Gallery plugin < 12.0.1 - Cross Site Scripting (XSS) vulnerability CVE-2022-1094 Amr Users < 4.59.4 - Admin+ Stored Cross-Site Scripting