
76 matches found

Nuclei
added 10 hours ago · 154 views

PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting

PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...

6.1 CVSS · 6.5 AI score · 0.0608 EPSS
Exploits: 3 · References: 5

Packet Storm
added 2025/12/23 12:0 a.m. · 152 views

PKP-WAL 3.5.0-1 Cross Site Request Forgery

PKP-WAL versions 3.5.0-1 and below suffer from a cross site request forgery vulnerability. PKP-WAL = 3.5.0-1 Login Cross-Site Request Forgery Vulnerability - Softwar...

6.8 AI score
Exploits: 0

Packet Storm
added 2025/12/23 12:0 a.m. · 244 views

Open Journal Systems 3.5.0-1 Path Traversal

Open Journal Systems versions 3.5.0-1 and below suffer from a path traversal vulnerability in NativeXmlIssueGalleyFilter.php. Open Journal Systems issuegalleys - issuegalley - issuefile - filename tag of...

7 AI score
Exploits: 1

RedhatCVE
added 2025/11/30 2:0 p.m. · 16 views

CVE-2025-13469

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument...

4.8 CVSS · 5.7 AI score · 0.00218 EPSS
Exploits: 0 · References: 1

NVD
added 2025/11/20 3:17 p.m. · 22 views

CVE-2025-13469

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument...

4.8 CVSS · 0.00218 EPSS
Exploits: 0 · References: 6

OSV
added 2025/11/20 3:17 p.m. · 7 views

CVE-2025-13469

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument...

4.8 CVSS · 4 AI score · 0.00218 EPSS
Exploits: 0 · References: 6

CVE
added 2025/11/20 1:32 p.m. · 19 views

CVE-2025-13469

CVE-2025-13469 affects Public Knowledge Project platforms PKP OJS/OMP/Ops (versions 3.3.0/3.4.0/3.5.0) where an attacker can trigger a cross-site scripting (XSS) by manipulating the argument manualInstructions in the file plugins/paymethod/manual/templates/paymentForm.tpl under the Payment Instru...

4.8 CVSS · 3.2 AI score · 0.00218 EPSS
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 15 views

EUVD-2012-1486

Malware in sbrugna...

6 CVSS · 6.2 AI score · 0.03482 EPSS
Exploits: 2 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2011-5096

Malware in sbrugna...

6.8 CVSS · 6.4 AI score · 0.01334 EPSS
Exploits: 1 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2019-9501

Malware in sbrugna...

8.8 CVSS · 8.6 AI score · 0.01394 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 1:57 a.m. · 14 views

CVE-2023-47271

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image...

5.3 CVSS · 6.9 AI score · 0.00618 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 12:17 p.m. · 13 views

CVE-2012-1467

Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to...

6.5 CVSS · 6.8 AI score · 0.03003 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 12:14 p.m. · 10 views

CVE-2012-1468

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in...

6 CVSS · 7.5 AI score · 0.03482 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 4:56 a.m. · 11 views

CVE-2019-19909

An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used...

8.8 CVSS · 7.1 AI score · 0.01394 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/02/24 12:0 a.m. · 5 views

Public Knowledge Project Platform OJS/OMP/OPS Security Vulnerability

Public Knowledge Project Platform OJS/OMP/OPS PKP Platform OJS/OMP/OPS is an open source publishing platform from Public Knowledge Project, Inc. A security vulnerability exists in Public Knowledge Project Platform OJS/OMP/OPS versions prior to 3.3.0.21 and versions prior to 3.4.x through 3.4.0.8,...

9.8 CVSS · 6.5 AI score · 0.00378 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/11/22 12:0 a.m. · 4 views

Public Knowledge Project Platform OJS/OMP/OPS Security Vulnerability

Public Knowledge Project Platform OJS/OMP/OPS PKP Platform OJS/OMP/OPS is an open source publishing platform from Public Knowledge Project, Inc. A security vulnerability exists in Public Knowledge Project Platform OJS/OMP/OPS versions prior to v3.3.0.16, which stems from a vulnerability that allo...

5.4 CVSS · 7.8 AI score · 0.00346 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/22 12:0 a.m. · 5 views

PT-2024-34475 · Public Knowledge · Pkp Platform Ojs/Omp/Ops

Name of the Vulnerable Software and Affected Versions: Public Knowledge Project PKP Platform OJS/OMP/OPS versions prior to 3.3.0.16 Description: The issue allows an attacker to execute arbitrary code and escalate privileges via a crafted script. This is a Cross Site Scripting vulnerability...

5.4 CVSS · 7.6 AI score · 0.00346 EPSS
Exploits: 0 · References: 3

CNNVD
added 2024/08/17 12:0 a.m. · 4 views

PKP OPEN JOURNAL SYSTEMS Input Validation Error Vulnerability

PKP OPEN JOURNAL SYSTEMS PKP OJS is an end-to-end scholarly publishing platform from PKP, Inc. An input validation error vulnerability exists in PKP OPEN JOURNAL SYSTEMS 3.4.0-6 and earlier versions, which stems from the parameter source in file /login/signOut that causes an open redirect...

6.9 CVSS · 4.9 AI score · 0.00413 EPSS
Exploits: 0 · References: 4

OSV
added 2024/03/01 11:15 p.m. · 6 views

CVE-2024-24512

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...

6.1 CVSS · 6.2 AI score · 0.00528 EPSS
Exploits: 1 · References: 2

CNNVD
added 2024/03/01 12:0 a.m. · 3 views

PKP OPEN JOURNAL SYSTEMS Cross-Site Scripting Vulnerability

PKP OPEN JOURNAL SYSTEMS PKP OJS is an end-to-end scholarly publishing platform from PKP Inc. A cross-site scripting vulnerability exists in PKP OPEN JOURNAL SYSTEMS v3.4 that originates from allowing an attacker to execute arbitrary code via the input subtitle component...

6.1 CVSS · 6.9 AI score · 0.00528 EPSS
Exploits: 1 · References: 3