CVE-2025-13873

MEDIUM

ObjectPlanet Opinio 7.26 rev12562 - Stored Cross-Site Scripting in Survey Import Feature

Title source: llm
STIX 2.1

Description

Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0016
EPSS Percentile 6.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
objectplanet/opinio 7.26
Published Dec 02, 2025
Tracked Since Feb 18, 2026