ObjectPlanet Opinio prior to 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
objectplanet opinio |