XSS Vulnerability in Plane Project Management Tool
CVE-2025-21616

Currently unrated

Key Information:

Vendor: Plane

Status
Vendor
CVE Published: 6 January 2025

What is CVE-2025-21616?

A cross-site scripting (XSS) vulnerability has been found in the Plane project management tool. Authenticated users can upload malicious SVG files as profile images, and when such an image is viewed, the JavaScript embedded in it can execute in the victim's browser, posing significant security risks.
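The following is an added example, not code from Plane or from this advisory. It sketches one defensive pattern for the issue described above: classify profile image uploads by content, refuse SVG, and serve stored uploads with headers that prevent script execution. The function names (`sniff`, `check_avatar`, `serving_headers`) and the sample byte strings are hypothetical.

```python
import re

# Raster formats allowed for avatars, keyed by magic bytes.
RASTER_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
# Markers of script-capable SVG content, used only to explain a rejection.
ACTIVE_SVG = re.compile(rb"<\s*script|\son\w+\s*=|javascript:|<\s*foreignobject", re.I)

def sniff(data: bytes):
    """Classify an upload by content; filename and client Content-Type are untrusted."""
    for magic, mime in RASTER_MAGIC.items():
        if data.startswith(magic):
            return mime
    if re.search(rb"<\s*svg[\s>]", data[:4096], re.I):
        return "image/svg+xml"
    return None

def check_avatar(data: bytes, declared_type: str):
    """Return (accepted, stored_type, reason) for a profile image upload."""
    actual = sniff(data)
    if actual == "image/svg+xml":
        detail = "with active content" if ACTIVE_SVG.search(data) else "(script-capable format)"
        return False, None, f"SVG {detail} rejected"
    if actual is None:
        return False, None, "not a recognised raster image"
    if actual != declared_type:
        return True, actual, f"declared {declared_type}, stored as {actual}"
    return True, actual, "ok"

def serving_headers(stored_type: str):
    """Headers for serving user uploads so a missed file cannot run script."""
    return {
        "Content-Type": stored_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "Content-Disposition": "inline" if stored_type in RASTER_MAGIC.values() else "attachment",
    }

# Constructed sample uploads (not from the advisory).
SVG_SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* constructed */</script></svg>'
SVG_AS_PNG = b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg" onload="x()"/>'
REAL_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
```

The SVG is rejected whatever type the client declares, and the response headers act as a second layer for files that were stored before the check existed.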

Timeline

  • Vulnerability published