Cross-Site Scripting Vulnerability in Public Knowledge Project OJS Software
CVE-2025-13469

4.8 MEDIUM

Key Information:

Status
Vendor
CVE Published: 20 November 2025

What is CVE-2025-13469?

A cross-site scripting vulnerability has been identified in the Payment Instructions Setting Handler of the Public Knowledge Project's Open Journal System (OJS). The issue arises from manipulation of the argument manualInstructions in the file plugins/paymethod/manual/templates/paymentForm.tpl. It allows attackers to execute arbitrary scripts in the context of the user's session, and the attack can be initiated remotely. It is essential to address this issue by upgrading the affected versions of the OJS software.

Affected Version(s)

ojs 3.3.0

ojs 3.4.0

ojs 3.5.0

References

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tsuretettee (VulDB User)