CVE-2025-21616

Medium CVSS: 5.4

Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.

Vendor

Plane

Product

Plane

CWE

CWE-79

Yayın Tarihi

2025-01-06 22:15:11

Güncelleme

2025-06-20 18:08:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Plane MEDIUM Plane 2025

Referanslar

https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j

Benzer Kayıtlar

High

CVE-2026-30242

Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/seri…

High

CVE-2026-30244

Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate work…

Medium

CVE-2026-27705

Plane is an an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in…

High

CVE-2026-27706

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSR…

Medium

CVE-2025-69284

Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[…

Low

CVE-2025-48070

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer tha…