3 matches found
Hardcoded credentials
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...
CVE-2023-30791
Plane version 0.7.1-dev is affected: an attacker can change a user’s avatar, enabling upload of files with an HTML extension that are interpreted as HTML and JavaScript. This is described across multiple sources as an insecure avatar-upload path leading to HTML/JS content. Remediation guidance in...
CVE-2023-2268 Plane v0.7.1 - Unauthorized access to files
Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users...