CVE-2026-40545 MEDIUM

CVE-2026-40545: Reflected XSS in SOPlanning

Vendor Soplanning

Product SOPlanning

Weakness CWE-79 · XSS

Published June 1, 2026

Last update June 1, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below.

Key dates

02Disclosure timeline

June 1, 2026 CVE published

June 1, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-40545 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-1493 Cross-Site Scripting in LEX Baza Dokumentów CVE-2025-12484 Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting CVE-2025-57926 WordPress Passster Plugin <= 4.2.18 - Cross Site Scripting (XSS) Vulnerability CVE-2025-4745 code-projects Employee Record System current_employees.php cross site scripting CVE-2023-5867 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq