GHSA-4fp8-7gvj-j2xgMediumCVSS 5.4

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the...

Published
June 17, 2026
Last Modified
June 23, 2026

🔗 CVE IDs covered (1)

📋 Description

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint.

🔗 References (4)