CVE-2024-27278 Information

Description

OpenPNE Plugin \opTimelinePlugin\ 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product when a user configures the profile with some malicious contents an arbitrary script may be executed on the web browsers of other users.

Reference

http://www.openpne.jp/archives/13458/ https://jvn.jp/en/jp/JVN78084105/