Title: - Public Knowledge Project Open Journal System 3.5.0-1 Cross Site Scripting Description: - The OJS Manual Payment Plugin allows for text to be inserted and rendered unescaped on a public facing page. Scripts injected into this page by a Journal Manager or Administrator would run in the context of the current signed-in user that would visit the public facing page. Source: - https://github.com/pkp/pkp-lib/issues/12022 User: -  Submission: - 11/13/2025 05:55 PM (7 days ago) Moderation: - 11/20/2025 08:04 AM (7 days later) Status: - !Accepted VulDB entry: -  - Public Knowledge Project omp/ojs 3.3.0/3.4.0/3.5.0 Payment Instructions Setting paymentForm.tpl manualInstructions cross site scripting Points: - 17