Openpne: Security Vulnerabilities
OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.
CVSS Score
5.4
EPSS Score
0.013
Published
2024-03-06
opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities
CVSS Score
9.8
EPSS Score
0.021
Published
2020-02-07