CVE-2024-25434

Опубликовано: 01 мар. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter.

Ссылки

https://drive.google.com/file/d/1MFuAyZukdJeA7HKz8o8pOKLJMjURTZCt/view?usp=sharing
Exploit
https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25434%20-%3E%20Stored%20XSS%20in%20input%20public%20name%20of%20the%20Component
Exploit
Third Party Advisory
https://drive.google.com/file/d/1MFuAyZukdJeA7HKz8o8pOKLJMjURTZCt/view?usp=sharing
Exploit
https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25434%20-%3E%20Stored%20XSS%20in%20input%20public%20name%20of%20the%20Component
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pkp.sfu:open_journal_systems:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00155

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-c8qx-6p9j-mw59