Medium severity6.1OSV Advisory· Published Jun 19, 2018· Updated Jun 17, 2026

CVE-2018-12588

Description

Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Pkp/OmpOSV
Range: omp-1_2_0-0, omp-3_1_1-0, omp-3_1_1-1, …
Public Knowledge Project/Open Monograph Pressllm-create
Range: >=1.2.0, <=3.1.1-2

Patches

Vulnerability mechanics

References

github.com/pkp/omp/commit/bfdcdec64865238163282c5940a6c7896c0977bfnvdPatchThird Party Advisory
forum.pkp.sfu.ca/t/ojs-3-1-1-2-and-omp-3-1-1-3-released/45937nvdExploitPatchVendor Advisory
github.com/pkp/pkp-lib/issues/3805nvdExploitThird Party Advisory
forum.pkp.sfu.ca/t/xss-vulnerability-alert/45938nvdVendor Advisory
metamorfosec.com/Files/Advisories/METS-2018-002-A_XSS_Vulnerability_in_OMP_1.2.0_to_3.1.1-2.txtnvdTechnical DescriptionThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000