CVE-2024-27278

OpenPNE plugin opTimelinePlugin (version 1.2.11 and earlier) contains a stored cross-site scripting (CWE-79) vulnerability in the Edit Profile page. When a user configures their profile with malicious content, an arbitrary script may execute in other users’ browsers. Affected product: OpenPNE opT...