Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
journal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-15478
The Journal theme prior to 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
Journal-theme Journal
NA
CVE-2011-5196
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that upload PHP files.
Public Knowledge Project Open Journal Systems 2.3.2
Public Knowledge Project Open Journal Systems 2.3.1-2
Public Knowledge Project Open Journal Systems 2.3.0
Public Knowledge Project Open Journal Systems 2.2.4
Public Knowledge Project Open Journal Systems 1.1.7
Public Knowledge Project Open Journal Systems 1.1.6
Public Knowledge Project Open Journal Systems 1.1.5
Public Knowledge Project Open Journal Systems 1.1
Public Knowledge Project Open Journal Systems 2.3.4
Public Knowledge Project Open Journal Systems 2.1.1
Public Knowledge Project Open Journal Systems 2.1
Public Knowledge Project Open Journal Systems 2.0.2-1
Public Knowledge Project Open Journal Systems 2.0.1
Public Knowledge Project Open Journal Systems 2.3.3-3
Public Knowledge Project Open Journal Systems 2.3.3-1
Public Knowledge Project Open Journal Systems 2.3.2-1
Public Knowledge Project Open Journal Systems 2.2.3
Public Knowledge Project Open Journal Systems 2.2.1
Public Knowledge Project Open Journal Systems 1.1.10
Public Knowledge Project Open Journal Systems 1.1.8
Public Knowledge Project Open Journal Systems 1.0.1
Public Knowledge Project Open Journal Systems
1 EDB exploit
5.4
CVSSv3
CVE-2022-24582
Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of t...
Accounting Journal Management Project Accounting Journal Management 1.0
6.1
CVSSv3
CVE-2018-12229
Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote malicious users to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field).
Sfu Open Journal System
NA
CVE-2012-1469
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems prior to 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/i...
Pkp Open Journal Systems
2 EDB exploits
8.8
CVSSv3
CVE-2019-19909
An issue exists in Public Knowledge Project (PKP) pkp-lib prior to 3.1.2-2, as used in Open Journal Systems (OJS) prior to 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.
Sfu Open Journal System
NA
CVE-2012-1467
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems prior to 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny...
Pkp Open Journal Systems
1 EDB exploit
NA
CVE-2012-1468
Incomplete blacklist vulnerability in Open Journal Systems prior to 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct requ...
Pkp Open Journal Systems
1 EDB exploit
8.8
CVSSv3
CVE-2023-5626
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs before 3.3.0-16.
Sfu Open Journal System
5.4
CVSSv3
CVE-2023-5894
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs before 3.3.0-16.
Sfu Open Journal Systems
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »