{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T10:40:26.043","vulnerabilities":[{"cve":{"id":"CVE-2025-21616","sourceIdentifier":"security-advisories@github.com","published":"2025-01-06T22:15:11.023","lastModified":"2025-06-20T18:08:44.170","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image."},{"lang":"es","value":"Plane es una herramienta de gestión de proyectos de código abierto. Se ha identificado una vulnerabilidad de cross site scripting (XSS) en versiones de Plane anteriores a la 0.23. La vulnerabilidad permite a los usuarios autenticados cargar archivos SVG que contienen código JavaScript malicioso como imágenes de perfil, que se ejecutan en los navegadores de las víctimas cuando ven la imagen de perfil."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*","versionEndExcluding":"0.23.0","matchCriteriaId":"B71D6DB9-FD53-489A-AF83-855FBF28B78F"}]}]}],"references":[{"url":"https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}