Skip to main content

Open Journal System

3 CVEs product

Monthly

CVE-2023-5626 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Open Journal System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-19909 HIGH PATCH This Week

An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Deserialization Open Journal System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2018-12229 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Journal System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.8%
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Open Journal System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Deserialization +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Journal System
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy