CVE-2022-24181

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT

Description

Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.

pkp/pkp-lib
pkp/pkp-lib
The library used by PKP's applications OJS, OMP and OPS, open source software for scholarly publishing.
GitHubGitHub
344