PT-2025-47600 · Unknown · Soplanning

Łukasz Jaworski · Published 2025-11-20 · Updated 2025-11-24 · CVE-2025-62731

CVSS v4.0: 5.1 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.55

Description: SOPlanning is susceptible to a Stored Cross-Site Scripting (XSS) issue within the /feries endpoint. A malicious actor with access to the public holidays feature can inject arbitrary HTML and JavaScript code into the website. This injected code will be rendered and executed when various pages are accessed. By default, access to this endpoint is limited to administrators and users with specific privileges.

Recommendations: Update to version 1.55 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-62731

Affected Products

Soplanning