Recent CVEs
CVE-2024-24512
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component.
UNKNOWN
Mar 01, 2024
CVE-2024-25438
A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.
UNKNOWN
Mar 01, 2024
CVE-2024-24511
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component.
UNKNOWN
Mar 01, 2024
CVE-2023-5626
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.
LOW
Oct 17, 2023