XSS in Objectplanet Opinio

CVE-2025-13873

Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (8.0th percentile) — read the EPSS interpretation.

Affected products

Objectplanet Opinio — versions 7.26 rev12562

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.objectplanet.com/opinio/changelog.html (release-notes)