SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2024-25438

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 6.1		CVSS Score :
Exploit Score:		Exploit Score:
Impact Score:		Impact Score:

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector:		Access Vector:
Attack Complexity:		Access Complexity:
Privileges Required:		Authentication:
User Interaction:		Confidentiality:
Scope:		Integrity:
Confidentiality:		Availability:
Integrity:
Availability:

Reference:

https://drive.google.com/file/d/1-9yUkbsQ-blYpTsdZoXfu3ALBA5wQCbG/view?usp=sharing

https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions


30480



423868



253164



909



197077



282