Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-21616

Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.3%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2025-21616
  • Plane » Plane » Version: 0.1
    cpe:2.3:a:plane:plane:0.1
  • Plane » Plane » Version: 0.2
    cpe:2.3:a:plane:plane:0.2
  • Plane » Plane » Version: 0.2.1
    cpe:2.3:a:plane:plane:0.2.1
  • Plane » Plane » Version: 0.3
    cpe:2.3:a:plane:plane:0.3
  • Plane » Plane » Version: 0.3.1
    cpe:2.3:a:plane:plane:0.3.1
  • Plane » Plane » Version: 0.4
    cpe:2.3:a:plane:plane:0.4
  • Plane » Plane » Version: 0.5
    cpe:2.3:a:plane:plane:0.5
  • Plane » Plane » Version: 0.6
    cpe:2.3:a:plane:plane:0.6
  • Plane » Plane » Version: 0.7
    cpe:2.3:a:plane:plane:0.7
  • Plane » Plane » Version: 0.7.1
    cpe:2.3:a:plane:plane:0.7.1
  • Plane » Plane » Version: 0.8
    cpe:2.3:a:plane:plane:0.8
  • Plane » Plane » Version: 0.9
    cpe:2.3:a:plane:plane:0.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved