Every CVE whose affected-product data names Objectplanet Opinio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-4472 — CVSS 9.8 (critical): Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable…
CVE-2025-13872 — CVSS 9.1 (critical): Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an…
CVE-2025-13871 — CVSS 8.8 (high): Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf…
CVE-2020-26806 — CVSS 8.8 (high): admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code…
CVE-2020-26565 — CVSS 7.5 (high): ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to…
CVE-2020-26564 — CVSS 6.5 (medium): ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a…
CVE-2020-26563 — CVSS 6.1 (medium): ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is…
CVE-2025-13873 — CVSS 5.4 (medium): Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker…