CVE-2024-25438

Name of the Vulnerable Software and Affected Versions Pkp Ojs version 3.3

Description A cross-site scripting (XSS) issue in the Submission module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.

Recommendations For Pkp Ojs version 3.3, consider disabling the Add Discussion function or restricting access to the Submission module until a patch is available. Avoid using the Input subject field in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.