Avatar Upload Vulnerability in Plane Version 0.7.1-dev
CVE-2023-30791 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
Learn more about our Web Application Penetration Testing UK.