CVE-2025-41001

Name of the Vulnerable Software and Affected Versions SOPlanning version 1.53.02

Description A stored Cross Site Scripting (XSS) issue exists in SOPlanning version 1.53.02. This is due to insufficient validation of user-supplied data. An attacker can exploit this by sending a POST request utilizing the LOGOUT REDIRECT parameter within the ''/soplanning/www/process/options.php'' endpoint. Successful exploitation could allow a remote attacker to send a malicious query to an authenticated user, potentially leading to the theft of their cookie session details.

Recommendations Update to a newer version of SOPlanning that addresses this vulnerability. As a temporary workaround, restrict or disable the use of the LOGOUT REDIRECT parameter in the ''/soplanning/www/process/options.php'' endpoint.