Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 up to and including 3.1.1-2 prior to 3.1.1-3 allows remote malicious users to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
public knowledge project open monograph press |