CVE-2024-7902 | pkp ojs up to 3.4.0-6 /login/signOut source redirect

Posted by Angelo Barbosa | Aug 16, 2024 | CVE

A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect.

This vulnerability is handled as CVE-2024-7902. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7902 | pkp ojs up to 3.4.0-6 /login/signOut source redirect

Related Posts

CVE-2024-39287 | Dorsett Controls InfoScan 1.32/1.33/1.35 Central Server Update Server information disclosure (icsa-24-221-01)

CVE-2024-24752 | brefphp bref up to 2.1.12 Multipart Request /tmp RequestHandlerInterface resource consumption (GHSA-x4hh-frx8-98r5)

CVE-2023-27636 | Progress Sitefinity CMS up to 14.x SF Editor cross site scripting

CVE-2024-33661 | Portainer up to 2.19.x redirect