VYPR

OPS

by Public Knowledge Project

CVEs (2)

  • CVE-2024-56525CriFeb 24, 2025
    risk 0.64cvss 9.8epss 0.00

    In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML…

  • CVE-2024-50965MedNov 22, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script