CVE-2024-27278
OpenPNE Plugin “opTimelinePlugin” 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.
More information : http://www.openpne.jp/archives/13458/