Vulnerabilities > SFU > Open Journal Systems

DATE CVE VULNERABILITY TITLE RISK
2024-03-01 CVE-2024-25436 Cross-site Scripting vulnerability in SFU Open Journal Systems 3.3
A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.
network
low complexity
sfu CWE-79
6.1
6.1
2023-11-01 CVE-2023-5894 Unspecified vulnerability in SFU Open Journal Systems
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.
network
low complexity
sfu
5.4
5.4