CVE-2023-30791

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.

Date published : 2023-07-15

https://fluidattacks.com/advisories/indio/

https://github.com/makeplane/plane