OpenPLI is prone to a shell command execution and multiple HTML-injection vulnerabilities. An attacker can exploit these issues to execute arbitrary script code within the context of the browser, steal cookie-based authentication credentials, and execute arbitrary shell commands within the context of the application.
