Security Advisory

CVE-2024-9572

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-07 14:46:03

Last updated 2025-03-27 10:49:17

Assigner INCIBE

State PUBLISHED

Description

Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details.

← Browse all CVEs View on cve.org ↗