CVE-2022-26616

Published April 4th, 2022

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

1

PROJECT

Description

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.

The library used by PKP's applications OJS, OMP and OPS, open source software for scholarly publishing.

GitHub

344