Vulmon
public knowledge project open journal systems vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-26616
PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows malicious users to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.
Public Knowledge Project Open Journal Systems
6.1
CVSSv3
CVE-2022-24181
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote malicious users to inject arbitrary code via the X-Forwarded-Host Header.
Public Knowledge Project Open Journal Systems
2 GitHub repositories
8.8
CVSSv3
CVE-2019-19909
An issue exists in Public Knowledge Project (PKP) pkp-lib prior to 3.1.2-2, as used in Open Journal Systems (OJS) prior to 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.
Sfu Open Journal System
NA
CVE-2011-5195
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that upload a PHP file.
Public Knowledge Project Open Conference Systems 2.0
Public Knowledge Project Open Conference Systems 1.1.7
Public Knowledge Project Open Conference Systems 1.1.6
Public Knowledge Project Open Conference Systems 1.1.5
Public Knowledge Project Open Conference Systems 2.3.1
Public Knowledge Project Open Conference Systems 2.3
Public Knowledge Project Open Conference Systems 2.1.2-1
Public Knowledge Project Open Conference Systems 2.1.2
Public Knowledge Project Open Conference Systems 2.1.1.-2
Public Knowledge Project Open Conference Systems 1.1
Public Knowledge Project Open Conference Systems 1.0
Public Knowledge Project Open Conference Systems
Public Knowledge Project Open Conference Systems 2.3.3
Public Knowledge Project Open Conference Systems 2.1.1-1
Public Knowledge Project Open Conference Systems 2.1.0-1
Public Knowledge Project Open Conference Systems 1.1.3
Public Knowledge Project Open Conference Systems 1.1.1
Public Knowledge Project Open Conference Systems 2.3.3-1
Public Knowledge Project Open Conference Systems 2.3.2
Public Knowledge Project Open Conference Systems 2.1.1
Public Knowledge Project Open Conference Systems 2.1
Public Knowledge Project Open Conference Systems 1.1.4
1 EDB exploit
NA
CVE-2011-5196
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that upload PHP files.
Public Knowledge Project Open Journal Systems 2.3.2
Public Knowledge Project Open Journal Systems 2.3.1-2
Public Knowledge Project Open Journal Systems 2.3.0
Public Knowledge Project Open Journal Systems 2.2.4
Public Knowledge Project Open Journal Systems 1.1.7
Public Knowledge Project Open Journal Systems 1.1.6
Public Knowledge Project Open Journal Systems 1.1.5
Public Knowledge Project Open Journal Systems 1.1
Public Knowledge Project Open Journal Systems 2.3.4
Public Knowledge Project Open Journal Systems 2.1.1
Public Knowledge Project Open Journal Systems 2.1
Public Knowledge Project Open Journal Systems 2.0.2-1
Public Knowledge Project Open Journal Systems 2.0.1
Public Knowledge Project Open Journal Systems 2.3.3-3
Public Knowledge Project Open Journal Systems 2.3.3-1
Public Knowledge Project Open Journal Systems 2.3.2-1
Public Knowledge Project Open Journal Systems 2.2.3
Public Knowledge Project Open Journal Systems 2.2.1
Public Knowledge Project Open Journal Systems 1.1.10
Public Knowledge Project Open Journal Systems 1.1.8
Public Knowledge Project Open Journal Systems 1.0.1
Public Knowledge Project Open Journal Systems
1 EDB exploit
NA
CVE-2011-5197
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that upload PHP files.
Public Knowledge Project Open Harvester Systems 1.0
Public Knowledge Project Open Harvester Systems 1.0.1
Public Knowledge Project Open Harvester Systems 2.0.0
Public Knowledge Project Open Harvester Systems 2.0.1
Public Knowledge Project Open Harvester Systems 2.3.0
Public Knowledge Project Open Harvester Systems
1 EDB exploit