Alec Smecher

**Name of the Vulnerable Software and Affected Versions** Public Knowledge Project (PKP) Open Monograph Press (OMP) versions 1.2.0 through 3.1.1-2 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `catalog.noTitlesSearch` parameter, also known as the Search field. **Recommendations** For versions 1.2.0 through 3.1.1-2, update to version 3.1.1-3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Public Knowledge Project (PKP) Open Journal System (OJS) versions 3.0.0 through 3.1.1-1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `templates/frontend/pages/search.tpl` parameter, also known as the By Author field. This is a cross-site scripting (XSS) issue. **Recommendations** For versions 3.0.0 through 3.1.1-1, avoid using the `templates/frontend/pages/search.tpl` parameter until a fix is available. As a temporary workaround, consider restricting access to the By Author field to minimize the risk of exploitation.