Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Plane 0.7.1 - Insecure file upload
Vulnerability Description
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Plane 代码问题漏洞
Vulnerability Description
Plane是Plane开源的一个开源、自托管的项目规划工具。 Plane 0.7.1-dev版本存在安全漏洞,该漏洞源于允许攻击者更改其个人资料的头像,从而允许上传具有可解释 HTML 和 JavaScript 的 HTML 扩展名的文件。
CVSS Information
N/A
Vulnerability Type
N/A