CVE Vulnerability Details: CVE-2025-13873
PUBLISHED
Assigner: TCS-CERT
Assigner Org ID: 64c5ae8f-7972-4697-86a0-7ada793ac795
Published At: 02 Dec, 2025 | 09:56
Updated At: 02 Dec, 2025 | 16:54
▼CVE Numbering Authority (CNA)
The feature to import a survey is prone to stored Cross-Site Scripting attacks

Stored Cross-Site Scripting (XSS) in the survey-import feature of the ObjectPlanet Opinio 7.26 rev12562 web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

Affected Products
Vendor: ObjectPlanet
Product: Opinio
Modules:
  • The feature to import a survey
Default Status: unknown
Versions (Affected):
  • 7.26 rev12562
Problem Types
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Metrics
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Impacts
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Credits
Finder: Dominique Righetto
Timeline
Event: Vulnerability discovery
Date: 2024-12-01 09:10:00
Event: Vulnerability Report to TCS-CERT
Date: 2024-12-10 14:22:00
Event: Vulnerability Report to Vendor through email: opinio@support.objectplanet.com
Date: 2024-12-19 15:33:00
Event: Feedback asked to vendor, check if the vendor received the PoC in an encrypted archive
Date: 2024-12-24 15:34:00
Event: New follow-up email was sent to the vendor
Date: 2025-01-10 15:32:00
Event: Vendor confirmed the reception of the PoC, vendor asked to wait for a 90-day period before publishing (responsible disclosure), and will try to fix the vulnerability
Date: 2025-01-13 15:37:00
Event: Answer to vendor to acknowledge the 90-day period
Date: 2025-01-14 15:37:00
Event: Vendor informed us that they will release the fix by the end of this month
Date: 2025-03-10 15:38:00
Event: An email was sent to check where they stand on the release and fixes for the reported issues
Date: 2025-04-23 14:39:00
Event: Feedback was requested from the vendor regarding their progress
Date: 2025-06-21 14:39:00
Event: Feedback was requested from the vendor regarding their progress
Date: 2025-06-30 14:39:00
Event: The vendor released the newer fixed version, which is Opinio Version 7.27
Date: 2025-07-31 14:39:00
References
Hyperlink: https://www.objectplanet.com/opinio/changelog.html
Resource: release-notes
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment