CVE-2025-13469 MEDIUM

CVE-2025-13469: Public Knowledge Project omp/ojs Payment Instructions Setting paymentForm.tpl cross site scripting

Vendor Public Knowledge Project
Product omp
Weakness CWE-79 · XSS
Published November 20, 2025
Last update November 20, 2025

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument manualInstructions leads to cross site scripting. The attack can be initiated remotely. You should upgrade the affected component.

Key dates

02Disclosure timeline

November 20, 2025 CVE published
November 20, 2025 Record updated