PT-2025-47597 · Unknown · Soplanning

Łukasz Jaworski · Published 2025-11-20 · Updated 2025-11-24 · CVE-2025-62297

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.55

Description: SOPlanning is susceptible to a Stored Cross-Site Scripting (XSS) issue in the /projets API endpoint. An attacker with medium privileges can inject arbitrary HTML and JavaScript code into the website. This injected code will be rendered and executed when an edited page is opened.

Recommendations: Update SOPlanning to version 1.55 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-62297

Affected Products: Soplanning