Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
Simple Online Planning Tool version 1.32 suffers from code execution, cross site scripting, remote SQL injection, information disclosure, and path traversal vulnerabilities.