3 matches found
CVE-2024-25434
A cross-site scripting XSS vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...
CVE-2024-25434
A cross-site scripting XSS vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...
CVE-2024-25434
CVE-2024-25434 affects Pkp Ojs v3.3, with a stored/reflected XSS vulnerability in the Publicname parameter. The available sources describe that arbitrary web scripts/HTML can be executed via crafted input, but do not provide a confirmed exploit method or patch details. CVSS 3.1 base score is 5.4 ...