4.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.3%
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
fluidattacks.com/advisories/indio/
github.com/makeplane/plane