CVE-2018-12229

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-12229
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12229.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-12229
Published
2018-06-12T11:29:00Z
Modified
2024-09-03T02:04:23.401068Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field).

References

Affected packages

Git / github.com/pkp/ojs

Affected ranges

Type
GIT
Repo
https://github.com/pkp/ojs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

ojs-2_0_0-0
ojs-2_0_1-0
ojs-2_0_2-0
ojs-2_0_2-1
ojs-2_1_0-0
ojs-2_1_0-1
ojs-2_1_1-0
ojs-2_1_1rc4
ojs-2_1b
ojs-2_2_0-0
ojs-2_2_0-b1
ojs-2_2_0-b2
ojs-2_2_1-0
ojs-2_2_1-b1
ojs-2_3_0-0
ojs-2_3_0-0rc1
ojs-2_3_1-0
ojs-2_3_1-1
ojs-2_3_1-2
ojs-2_3_3-0
ojs-2_3_3-1
ojs-2_4_0-0
ojs-3_0a1
ojs-3_0b1
ojs-3_1_1-0
ojs-3_1_1-1
ojs2-base-2_2_2