CVE-2026-40545

MEDIUM EPSS 32.2%

Published Jun 1, 20264w ago · Modified Jun 17, 20261w ago

5.1 CVSS 4.0

Medium

Published Jun 1, 2026 4w ago

Last Modified Jun 17, 2026 1w ago

Description

SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below.

CVSS Details

Base Score

5.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction A

Scope X

Threat Intelligence

EPSS Exploit Probability

32.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

References 2

cert.pl https://cert.pl/en/posts/2026/06/CVE-2026-40543
soplanning.org https://www.soplanning.org/en/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.