216.73.217.176

CVE-2025-21616

· Published 06/01/2025 22:15 · Modified 07/01/2025 16:15

Labels: CVE-2025-21616 2025-01-06CVE-2025-21616CWE-79[email protected]

Essential information

Published
06/01/2025 22:15
Modified
07/01/2025 16:15
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References