Public Knowledge Project Open Journal Systems — known CVE vulnerabilities
Every CVE whose affected-product data names Public Knowledge Project Open Journal Systems, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2011-5196 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and…
CVE-2022-24181 — CVSS 6.1 (medium): Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary…
CVE-2022-26616 — CVSS 6.1 (medium): PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP…
CVE-2024-25438 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or…
CVE-2024-7902 — CVSS 4.3 (medium): A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of…