Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an malicious user to execute arbitrary code via the input subtitle component.