Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-25436

Published: 01/03/2024 Updated: 04/03/2024

Vulnerability Summary

A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.

References

https://drive.google.com/file/d/1nSC8OlxsEnOajZ2JYuwoKFZqyB764WkL/view?usp=drivesdkhttps://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissionshttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook