Filtered by vendor Plane
Subscriptions
Filtered by product Plane
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30791 | 1 Plane | 1 Plane | 2024-11-21 | 7.1 High |
| Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. | ||||
| CVE-2023-2268 | 1 Plane | 1 Plane | 2024-11-21 | 7.1 High |
| Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users. | ||||
| CVE-2024-47830 | 1 Plane | 1 Plane | 2024-11-12 | 9.3 Critical |
| Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0. | ||||
Page 1 of 1.