CVE-2025-21616

{"id": "CVE-2025-21616", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-01-06T22:15:11.023", "references": [{"url": "https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image."}, {"lang": "es", "value": "Plane es una herramienta de gesti\u00f3n de proyectos de c\u00f3digo abierto. Se ha identificado una vulnerabilidad de cross site scripting (XSS) en versiones de Plane anteriores a la 0.23. La vulnerabilidad permite a los usuarios autenticados cargar archivos SVG que contienen c\u00f3digo JavaScript malicioso como im\u00e1genes de perfil, que se ejecutan en los navegadores de las v\u00edctimas cuando ven la imagen de perfil."}], "lastModified": "2025-06-20T18:08:44.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B71D6DB9-FD53-489A-AF83-855FBF28B78F", "versionEndExcluding": "0.23.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}