CVE-2026-40545

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 01, 2026

Vendor unknown

Description

SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below.

References

https://cert.pl/en/posts/2026/06/CVE-2026-40543
https://www.soplanning.org/en/