Public Knowledge Project Open Journal Systems

5 matches found

CVE
added 2022/04/01 12:15 p.m. | 115 views

CVE-2022-24181

Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.

CVSS 6.1 | AI score 6.2 | EPSS 0.04352

CVE
added 2022/04/04 1:15 p.m. | 71 views

CVE-2022-26616

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.

CVSS 6.1 | AI score 6 | EPSS 0.0096

CVE
added 2024/03/01 11:15 p.m. | 53 views

CVE-2024-25438

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.

CVSS 6.1 | AI score 5.7 | EPSS 0.00281

CVE
added 2024/08/17 10:15 p.m. | 44 views

CVE-2024-7902

A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The exp...

CVSS 6.9 | AI score 4.5 | EPSS 0.00081

CVE
added 2012/09/23 5:55 p.m. | 24 views

CVE-2011-5196

Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

CVSS 6.8 | AI score 7.5 | EPSS 0.00174