PT-2025-47575 · Public Knowledge · Ojs+1
Tsuretettee
·
Published
2025-11-20
·
Updated
2025-11-20
·
CVE-2025-13469
CVSS v4.0
4.8
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Public Knowledge Project omp and ojs versions 3.3.0 through 3.5.0
Description
A security issue exists in Public Knowledge Project omp and ojs. The manipulation of the
manualInstructions argument in an unknown function within the file plugins/paymethod/manual/templates/paymentForm.tpl of the Payment Instructions Setting Handler component can lead to cross site scripting. This attack can be initiated remotely.Recommendations
Upgrade the affected component to address this issue.
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ojs
Omp