3 matches found
CVE-2019-19909
PKP pkp-lib before 3.1.2-2 and OJS before 3.1.2-2 are affected. A crafted URL can trigger code injection in the OJS report generator via unserialize when an authenticated Journal Manager visits it. Remediation: upgrade to pkp-lib 3.1.2-2 or later and OJS 3.1.2-2 or later (or apply vendor-provided...
CVE-2023-5626
CVE-2023-5626 affects Open Journal Systems (OJS) pkp/ojs versions prior to 3.3.0-16. Root cause is a Cross-Site Request Forgery (CSRF) vulnerability. The impact is described as high in CVSS metrics (C/H, I/H, A/H) for the NVD entry; exploitation may allow unauthorized actions requiring user inter...
CVE-2018-12229
The CVE-2018-12229 issue affects PKP Open Journal System (OJS) versions 3.0.0 through 3.1.1-1. The root cause is a cross-site scripting flaw in the templates/frontend/pages/search.tpl, specifically via the By Author field, allowing remote attackers to inject arbitrary web script or HTML. Some sou...