Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-07-15
Page 2