12 matches found
CVE-2024-25436
A cross-site scripting XSS vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
CVE-2024-25436
A cross-site scripting XSS vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
Cross site scripting
A cross-site scripting XSS vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
Cross site scripting
A cross-site scripting XSS vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
CVE-2024-25438
A cross-site scripting XSS vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
CVE-2024-25436
A cross-site scripting XSS vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
PT-2024-20942 · Public Knowledge · Pkp Ojs
Name of the Vulnerable Software and Affected Versions: Pkp Ojs version 3.3 Description: A cross-site scripting XSS issue in the Production module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
PT-2024-20943 · Public Knowledge · Pkp Ojs
Name of the Vulnerable Software and Affected Versions: Pkp Ojs version 3.3 Description: A cross-site scripting XSS issue in the Submission module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
Pkp Ojs Cross Site Scripting Vulnerability
affinitybridge Pkp Ojs is an open source journal publication management software system from affinitybridge. A cross-site scripting vulnerability exists in Pkp Ojs version v3.3, which originates from a vulnerability that allows an attacker to execute arbitrary web script or HTML via the Input...
CVE-2024-25436
A cross-site scripting XSS vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
PKP OPEN JOURNAL SYSTEMS Cross-Site Scripting Vulnerability
PKP OPEN JOURNAL SYSTEMS PKP OJS is an end-to-end scholarly publishing platform from PKP Inc. A cross-site scripting vulnerability exists in PKP OPEN JOURNAL SYSTEMS version v3.3, which originates from a vulnerability that allows attackers to execute arbitrary web script or HTML via the Input...
Stored XSS in function Add discussion at the Copyediting section
Description I tested the demo site you provided and I see that there is a stored XSS in function Add discussion Proof of Concept payload: thanh"alert1 Steps 1. Login as any user 2. In the Unassigned section and click view 3. In the Workflow click Copyediting section and Add discussion 4. Insert...