PKP : Security Vulnerabilities, CVEs, (Code Execution)
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-04
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-01
Updated
2024-03-04
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.
Max CVSS
6.0
EPSS Score
0.73%
Published
2012-09-06
Updated
2012-09-07
3 vulnerabilities found