CVE-2018-12588

Name: CVE-2018-12588
Creator: NVD / NIST
Published: 2018-06-19T21:29:01.13+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.63%

Last modified Jun 17, 2026

CVE-2018-12588 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).. EPSS estimates a 1.63% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).

Metrics

EPSS Probability

1.63%

73.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Public Knowledge Project	Open Monograph Press	>= 1.2.0, < 3.1.1-3

References

https://forum.pkp.sfu.ca/t/ojs-3-1-1-2-and-omp-3-1-1-3-released/45937Exploit, Patch, Vendor Advisory
https://forum.pkp.sfu.ca/t/xss-vulnerability-alert/45938Vendor Advisory
https://github.com/pkp/omp/commit/bfdcdec64865238163282c5940a6c7896c0977bfPatch, Third Party Advisory
https://github.com/pkp/pkp-lib/issues/3805Exploit, Third Party Advisory
https://metamorfosec.com/Files/Advisories/METS-2018-002-A_XSS_Vulnerability_in_OMP_1.2.0_to_3.1.1-2.txtTechnical Description, Third Party Advisory
https://forum.pkp.sfu.ca/t/ojs-3-1-1-2-and-omp-3-1-1-3-released/45937Exploit, Patch, Vendor Advisory
https://forum.pkp.sfu.ca/t/xss-vulnerability-alert/45938Vendor Advisory
https://github.com/pkp/omp/commit/bfdcdec64865238163282c5940a6c7896c0977bfPatch, Third Party Advisory
https://github.com/pkp/pkp-lib/issues/3805Exploit, Third Party Advisory
https://metamorfosec.com/Files/Advisories/METS-2018-002-A_XSS_Vulnerability_in_OMP_1.2.0_to_3.1.1-2.txtTechnical Description, Third Party Advisory

Timeline

Published: Jun 19, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-12588?

How severe is CVE-2018-12588?

Severity scoring for CVE-2018-12588 is pending analysis. The EPSS model estimates a 1.63% probability of exploitation in the next 30 days.

How do I fix CVE-2018-12588?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-12588?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST