CVE-2025-13469

Summary

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument manualInstructions leads to cross site scripting. The attack can be initiated remotely. You should upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
Public Knowledge Projectomp3.3.0affected
Public Knowledge Projectomp3.4.0affected
Public Knowledge Projectomp3.5.0affected
Public Knowledge Projectojs3.3.0affected
Public Knowledge Projectojs3.4.0affected
Public Knowledge Projectojs3.5.0affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References