Unrated severityNVD Advisory· Published Jul 15, 2023· Updated Oct 30, 2024
Plane 0.7.1 - Insecure file upload
CVE-2023-30791
Description
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.