Lucene search
HistoryJul 15, 2023 - 7:15 p.m.
CVE-2023-30791
cve-2023-30791
avatar change
file upload
html and javascript
CVSS3
4.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
23.8%
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
Affected configurations
Node
planeplaneMatch0.7.1
Related
prion
prion
Hardcoded credentials
2023-07-15 19:15:00
cve
cve
CVE-2023-30791
2023-07-15 19:15:09
osv
osv
CVE-2023-30791
2023-07-15 19:15:09
cvelist
cvelist
CVE-2023-30791 Plane 0.7.1 - Insecure file upload
2023-07-15 18:41:21
CVSS3
4.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
23.8%
Related for NVD:CVE-2023-30791