Vulmon
pkp open journal systems vulnerabilities and exploits
NA
CVE-2012-1467
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems prior to 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny...
Pkp Open Journal Systems
1 EDB exploit
NA
CVE-2012-1469
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems prior to 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/i...
Pkp Open Journal Systems
2 EDB exploits
NA
CVE-2012-1468
Incomplete blacklist vulnerability in Open Journal Systems prior to 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct requ...
Pkp Open Journal Systems
1 EDB exploit
6.1
CVSSv3
CVE-2022-24181
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote malicious users to inject arbitrary code via the X-Forwarded-Host Header.
Public Knowledge Project Open Journal Systems
2 Github repositories
5.4
CVSSv3
CVE-2023-5894
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs before 3.3.0-16.
Sfu Open Journal Systems
6.1
CVSSv3
CVE-2022-26616
PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows malicious users to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.
Public Knowledge Project Open Journal Systems
8.8
CVSSv3
CVE-2019-19909
An issue exists in Public Knowledge Project (PKP) pkp-lib prior to 3.1.2-2, as used in Open Journal Systems (OJS) prior to 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.
Sfu Open Journal System
5.3
CVSSv3
CVE-2023-47271
PKP-WAL (aka PKP Web Application Library or pkp-lib) prior to 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an iss...
Sfu Pkp Web Application Library