Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-47830 | 1 Plane | 1 Plane | 2024-11-12 | N/A | 5.8 MEDIUM |
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0. | |||||
CVE-2023-2268 | 1 Plane | 1 Plane | 2024-09-05 | N/A | 7.5 HIGH |
Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users. | |||||
CVE-2023-30791 | 1 Plane | 1 Plane | 2024-02-28 | N/A | 4.6 MEDIUM |
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. |