78 matches found
EUVD-2023-57919
Malicious code in bioql PyPI...
EUVD-2023-58893
Malicious code in bioql PyPI...
EUVD-2024-48743
Malicious code in bioql PyPI...
EUVD-2024-22765
Malicious code in bioql PyPI...
EUVD-2023-58167
Malicious code in bioql PyPI...
CVE-2024-7902
A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The...
CVE-2024-25438
A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
CVE-2024-25436
A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
CVE-2024-25434
A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...
CVE-2024-24512
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...
CVE-2024-24511
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component...
CVE-2024-50965
Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script...
CVE-2023-5626
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16...
CVE-2023-5894
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16...
CVE-2024-56525
In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...
CVE-2024-50965
CVE-2024-50965 describes a Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS affecting versions prior to 3.3.0.16. The vulnerability is capable of allowing an attacker to execute arbitrary code and escalate privileges via a crafted script. The issue is suppor...
CVE-2024-7902 pkp ojs signOut redirect
A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The...
CVE-2024-7902
CVE-2024-7902 affects PKP Open Journal Systems (OJS) up to version 3.4.0-6. The vulnerability is in the /login/signOut handler where the input value of the parameter source can be manipulated to produce an open redirect. This can be exploited remotely and the exploit has been disclosed publicly. ...