CVSS 4.3, AI Score 4.7, EPSS 0.0005
CVSS 4.8, AI Score 5, EPSS 0.0004
PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover...
CVSS 5.3, AI Score 5.2, EPSS 0.001
CVSS 5.4, AI Score 4.2, EPSS 0.0004
CVSS 4.3, AI Score 4.7, EPSS 0.0005
CVSS 5.4, AI Score 4.2, EPSS 0.0004
CVSS 5.4, AI Score 4.8, EPSS 0.0004
CVSS 5.4, AI Score 5.3, EPSS 0.0004
CVSS 8.8, AI Score 5.4, EPSS 0.001
CVSS 5.4, AI Score 5.3, EPSS 0.0004
CVSS 5.4, AI Score 4.3, EPSS 0.0004
CVSS 5.4, AI Score 4.3, EPSS 0.0004
CVSS 8.8, AI Score 7, EPSS 0.001
CVSS 5.4, AI Score 4.2, EPSS 0.0004
CVSS 8.8, AI Score 6.2, EPSS 0.001
An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is...
CVSS 8.8, AI Score 8.7, EPSS 0.005
Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author...
CVSS 6.1, AI Score 6, EPSS 0.002