CVE-2024-27278

Name of the Vulnerable Software and Affected Versions OpenPNE Plugin "opTimelinePlugin" versions 1.2.11 and earlier

Description The issue allows an arbitrary script to be executed on the web browsers of other users when a user configures their profile with malicious contents on a site using the affected product. This is a cross-site scripting vulnerability.

Recommendations For versions 1.2.11 and earlier, update to a version later than 1.2.11 to resolve the issue. As a temporary workaround, consider restricting user profile configuration to minimize the risk of exploitation.