Avatar Upload Vulnerability in Plane Version 0.7.1-dev

Avatar Upload Vulnerability in Plane Version 0.7.1-dev

CVE-2023-30791 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.

Learn more about our Web Application Penetration Testing UK.