2 matches found
CVE-2024-25436
CVE-2024-25436 is an XSS vulnerability in PKP Open Journal Systems (PKP OJS) v3.3, affecting the Production/Submission flow where a crafted payload in the Add Discussion subject input can execute arbitrary scripts in the victim’s browser. The cited sources consistently describe the vulnerability ...
CVE-2023-5894
CVE-2023-5894 affects PKP Open Journals System (OJS) prior to 3.3.0-16. The vulnerability is a stored XSS in the title handling of pkp/ojs, caused by improper escaping of characters. Impact stated as possible script injection in the affected site. Remediation: upgrade to version 3.3.0-16 or later...