PT-2023-22984 · Plane · Plane
Lautaro Casanova · Published 2023-07-15 · Updated 2023-07-28
CVE-2023-30791 · CVSS v3.1 7.1 (High)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Plane version 0.7.1-dev
Description
The avatar-upload feature of the user profile does not restrict the file type: an authenticated user can set a file with an .html extension as their avatar, and when that file is served back the browser interprets its content as HTML and executes any JavaScript it contains.
Recommendations
For Plane version 0.7.1-dev, consider disabling the avatar upload feature until a patch is available. Restrict who may modify profiles to reduce the risk of malicious file uploads, and do not rely on the upload feature in the affected version, since it accepts HTML files, until the issue is resolved. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
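The mitigation implied by the description and recommendations, as an added Python example that is not Plane's own code: the avatar endpoint accepts only an allowlisted raster image whose content matches its declared type, stores it under a server-chosen name, and serves it with headers that stop the browser from treating it as a document. The function names `validate_avatar` and `response_headers` and the `user_id` parameter are assumptions for this illustration.

```python
from typing import NamedTuple, Optional

# Allowlist of avatar formats: extension -> (magic-byte prefix, MIME type).
# Anything else (including .html, .svg, .htm) is rejected outright.
ALLOWED_IMAGE_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    "gif": (b"GIF8", "image/gif"),  # covers GIF87a and GIF89a
}


class AvatarCheck(NamedTuple):
    accepted: bool
    reason: str
    content_type: Optional[str]
    stored_name: Optional[str]


def validate_avatar(filename: str, data: bytes, user_id: int) -> AvatarCheck:
    """Accept only a verified image; reject anything a browser could render as HTML.

    The extension is taken from the *last* dot, so "avatar.png.html" is judged
    by "html" (the part a browser uses), not by the "png" in the middle.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_IMAGE_TYPES:
        return AvatarCheck(False, f"extension '{ext}' not allowed", None, None)
    magic, mime = ALLOWED_IMAGE_TYPES[ext]
    # Extension alone is not enough: the bytes must be the image they claim to be,
    # otherwise a renamed HTML file would pass.
    if not data.startswith(magic):
        return AvatarCheck(False, "content does not match declared image type", None, None)
    # Never reuse the client-supplied name on disk or in object storage (hypothetical scheme).
    stored = f"avatar-{user_id}.{ext}"
    return AvatarCheck(True, "ok", mime, stored)


def response_headers(check: AvatarCheck) -> dict:
    """Headers for serving an accepted avatar so it is never interpreted as a page."""
    assert check.accepted and check.content_type and check.stored_name
    return {
        "Content-Type": check.content_type,
        "X-Content-Type-Options": "nosniff",  # no MIME sniffing into text/html
        "Content-Disposition": f'inline; filename="{check.stored_name}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",  # no script even if sniffed
    }
```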
Exploit
Unrestricted File Upload
Affected Products
Plane