Vulnerabilities (CVE)

Filtered by vendor Plane Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-47830 1 Plane 1 Plane 2024-11-12 N/A 5.8 MEDIUM
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
CVE-2023-2268 1 Plane 1 Plane 2024-09-05 N/A 7.5 HIGH
Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users.
CVE-2023-30791 1 Plane 1 Plane 2024-02-28 N/A 4.6 MEDIUM
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.