CVE-2025-21616
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21616
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21616.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-21616
- Related
- Published
- 2025-01-06T22:15:11Z
- Modified
- 2025-06-27T10:57:49.063200Z
- Summary
- [none]
- Details
-
Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.
- References
Affected packages
Git / github.com/makeplane/plane
Affected ranges
- Type
- GIT
- Repo
- https://github.com/makeplane/plane
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1-dev
v0.10-dev
v0.11-dev
v0.12-dev
v0.12.1-dev
v0.12.2-dev
v0.13-dev
v0.13.1-dev
v0.13.2-dev
v0.14-dev
v0.14.1-dev
v0.14.2-dev
v0.15-dev
v0.15.1-dev
v0.15.2-dev
v0.15.3-hotfix
v0.15.4-dev
v0.16-dev
v0.17-dev
v0.18-dev
v0.19-dev
v0.2-dev
v0.2.1-dev
v0.20-dev
v0.21-dev
v0.22-dev
v0.3.1-dev
v0.4-dev
v0.5-dev
v0.6-dev
v0.7-dev
v0.7.1-dev
v0.8-dev
v0.9-dev