Public Knowledge Project omp/ojs Payment Instructions Setting paymentForm.tpl cross site...

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

Description

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument manualInstructions leads to cross site scripting. The attack can be initiated remotely. You should upgrade the affected component.

Basic Information

ID CVE-2025-13469

Source VulDB

Published Nov 20, 2025 at 13:32

Modified Nov 20, 2025 at 21:00

Affected Product

Vendor Public Knowledge Project

Product omp

Version 3.3.0

Affected Versions Public Knowledge Project omp 3.3.0
Public Knowledge Project omp 3.4.0
Public Knowledge Project omp 3.5.0
Public Knowledge Project ojs 3.3.0
Public Knowledge Project ojs 3.4.0
Public Knowledge Project ojs 3.5.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument manualInstructions leads to cross site scripting. The attack can be initiated remotely. You should upgrade the affected component.",
    "published": "2025-11-20T13:32:10.915Z",
    "modified": "2025-11-20T21:00:03.081Z",
    "type": "cve",
    "title": "Public Knowledge Project omp/ojs Payment Instructions Setting paymentForm.tpl cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.333042\nhttps://vuldb.com/?ctiid.333042\nhttps://vuldb.com/?submit.695020\nhttps://github.com/pkp/pkp-lib/issues/12022\nhttps://github.com/pkp/pkp-lib/issues/12022#event-20904087480\nhttps://github.com/pkp/pkp-lib/issues/12022#event-20904112770",
    "id": "CVE-2025-13469",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Public Knowledge Project omp 3.3.0\nPublic Knowledge Project omp 3.4.0\nPublic Knowledge Project omp 3.5.0\nPublic Knowledge Project ojs 3.3.0\nPublic Knowledge Project ojs 3.4.0\nPublic Knowledge Project ojs 3.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "omp",
    "version": "3.3.0",
    "vendor": "Public Knowledge Project",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Public Knowledge Project omp/ojs Payment Instructions Setting paymentForm.tpl cross site scripting_CVE-2025-13469