SOPlanning v1.52.00 is vulnerable to XSS via the ‘groupe_id’ parameters. A remote unauthenticated attacker can hijack the admin account or other users' accounts. The remote attacker can hijack a user's session or credentials and perform a takeover of the entire platform.
View the template here: CVE-2024-33724.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-33724