XSS in SOPlanning

CVE-2026-40544

SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via the /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (14.8th percentile)

Affected products

Weakness classification (CWE)

References