CVE-2024-25436

Name of the Vulnerable Software and Affected Versions Pkp Ojs version 3.3

Description A cross-site scripting (XSS) issue in the Production module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.

Recommendations For Pkp Ojs version 3.3, consider disabling the Add Discussion function temporarily until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Input subject field to minimize the risk of arbitrary web script execution. Avoid using the Add Discussion function with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.