A vulnerability was found in SOPlanning up to 1.55 . It has been declared as problematic . Affected by this issue is some unknown functionality of the file /process/upload_backup of the component ZIP Handler . The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-40544 . The attack can be launched remotely. No exploit exists.