Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
CVSS Score
9.3
EPSS Score
0.004
Published
2024-10-11
Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-07-15
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-07-15
Page 2