CVE-2020-26563

Publication date

2021-07-30 02:52:25

Family

mitre

State

PUBLISHED

Description

ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)