CNNVD-202510-3401 Information

CNNVD ID

CNNVD-202510-3401

Related CVE

CVE-2025-62716

• CNNVD Published: 2025-10-24

Description (Chinese)

Plane是Plane开源的一个开源、自托管的项目规划工具。 Plane 1.1.0之前版本存在输入验证错误漏洞，该漏洞源于next_path参数允许传递任意方案，可能导致跨站脚本攻击。

Description (English)

Plane is an open-source, self-hosted project planning tool for Plane ’ s open source. Prior to Plane 1.1.0, there was an input validation error loophole, which arose from the fact that the next path parameter allowed the transmission of an arbitrary program, which could result in a cross-site script attack.

Hazard Level

Medium

Vulnerability Type

输入验证错误

Affected Vendor

Plane

Published

2025-10-24

Last Modified

2026-02-24

References

https://github.com/makeplane/plane/security/advisories/GHSA-6fj7-xgpg-mj6f https://access.redhat.com/security/cve/cve-2025-62716

Patch

https://github.com/makeplane/plane/releases