CNNVD-202508-1859 Information

CNNVD ID

CNNVD-202508-1859

Related CVE

CVE-2025-55203

• CNNVD Published: 2025-08-15

Description (Chinese)

Plane是Plane开源的一个开源、自托管的项目规划工具。 Plane 0.28.0之前版本存在跨站脚本漏洞，该漏洞源于description_html字段未充分清理和转义，可能导致存储型跨站脚本攻击。

Description (English)

Plane is an open-source, self-hosted project planning tool for Plane ’ s open source. Pre-Plane 0.28.0 has a cross-site script loophole, which stems from inadequate clean-up and conversion of the description html field, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Plane

Published

2025-08-15

Last Modified

2026-02-24

References

https://drive.google.com/file/d/1lQzQJ9Eun6xmcxyyAkr5ORyIrfw9ys5w/view?usp=sharing https://github.com/makeplane/plane/security/advisories/GHSA-rwjc-xhh3-m9m9 https://access.redhat.com/security/cve/cve-2025-55203 https://nvd.nist.gov/vuln/detail/CVE-2025-55203

Patch

https://github.com/makeplane/plane/releases