VYPR
Vendor

Public Knowledge Project

Products
6
CVEs
7
Across products
9
Status
Private

Products

6

Recent CVEs

7
  • CVE-2024-56525CriFeb 24, 2025
    risk 0.64cvss 9.8epss 0.00

    In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML…

  • CVE-2024-50965MedNov 22, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script

  • CVE-2025-13469LowNov 20, 2025
    risk 0.16cvss 2.4epss 0.00

    A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the…

  • CVE-2011-5197Sep 23, 2012
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

  • CVE-2011-5196Sep 23, 2012
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.

  • CVE-2011-5195Sep 23, 2012
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.

  • CVE-2018-12588MedJun 19, 2018
    risk 0.00cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch…