- Description
- Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images; the code is executed in a victim's browser when the victim views the profile image.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-79
- Hype score
- Not currently trending
CVE-2025-21616 XSS Vulnerability in Plane Allows Malicious SVG Profile Images P... https://t.co/FvTBglDPB0 Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
7 Jan 2025
CVE-2025-21616 Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability all… https://t.co/7N3iFtwJI9
@CVEnew
6 Jan 2025