CVE-2022-24181

MEDIUM NUCLEI

PKP Open Journals System >=2.4.8 - XSS

Title source: llm

Description

Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.

Exploits (2)

exploitdb WRITEUP
by Hemant Kashyap · textwebappsphp
https://www.exploit-db.com/exploits/50881
nomisec WRITEUP
by cyberhawk000 · poc
https://github.com/cyberhawk000/CVE-2022-24181

Nuclei Templates (1)

PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
MEDIUMVERIFIEDby lucasljm2001,ekrause
Shodan: cpe:"cpe:2.3:a:public_knowledge_project:open_journal_systems"

References (1)

Scores

CVSS v3 6.1
EPSS 0.0360
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
public_knowledge_project/open_journal_systems 2.4.8 - 3.3
Published Apr 01, 2022
Tracked Since Feb 18, 2026