CVE-2026-40545

SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below.

none

Published: Jun 1, 2026

Modified: Jun 1, 2026

Description

SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser.

This issue affects SOPlanning version 1.55 and below.

References

https://cert.pl/en/posts/2026/06/CVE-2026-40543
https://www.soplanning.org/en/