Suspicious code appeared (again!)

Describe the issue or problem
Some suspicious code appeared above the “Issue”/“Ausgabe” div container on the article landing page, only a few pixels. We discovered this a few weeks ago and edited our code. Now these links/pixels appeared again.

<a style="display: block; font-size: 1px;float: left;color:#ffffe6;" href="https://mahanserver.net/vps/iran-vps/">سرور مجازی ایران</a>

<a style="display: block; font-size: 1px;float: left;color:#ffffe6;" href="https://app.1ex.net/">Decentralized Exchange</a>

What application are you using?
OJS 3.3.0-13, Themes are Standard and Manuscript

Additional information
If you want to check your journals, mark everything on your landing page and look for a small blue line above the Issue container.
I googled the Arabic term plus OJS and found other instances/journals that are also affected.
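
Added example (not part of the original post and not PKP code): a Python check that scans a rendered landing page for the pattern quoted above, anchors with a tiny inline `font-size` that point to another host. The function names, the 2px threshold, and the `*.example` host names in the sample are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# The injected anchors quoted in the post set "font-size: 1px" inline.
TINY_FONT = re.compile(r"font-size\s*:\s*([0-9]*\.?[0-9]+)\s*px", re.I)
MAX_PX = 2.0  # assumption: text at or below this size is not meant to be read

class HiddenLinkFinder(HTMLParser):
    """Collect <a> tags that are styled near-invisible and link off-site."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []   # dicts with href, anchor text and source line
        self._open = None    # finding whose anchor text is still being read

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = dict(attrs)
        m = TINY_FONT.search(a.get("style") or "")
        host = (urlparse(a.get("href") or "").hostname or "").lower()
        same_site = host == self.site_host or host.endswith("." + self.site_host)
        if m and float(m.group(1)) <= MAX_PX and host and not same_site:
            self._open = {"href": a["href"], "text": "", "line": self.getpos()[0]}
            self.findings.append(self._open)

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def find_hidden_links(html, site_host):
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: the inline style from the post, with placeholder hosts.
SAMPLE = """<div class="page">
<a style="display: block; font-size: 1px;float: left;color:#ffffe6;" href="https://offsite-one.example/vps/">hosting ad</a>
<a style="display: block; font-size: 1px;float: left;color:#ffffe6;" href="https://offsite-two.example/">Decentralized Exchange</a>
<a href="https://journal.example.org/issue/view/1">Current Issue</a>
<a style="font-size: 12px" href="https://offsite-three.example/ref">Visible reference</a>
</div>"""
```

Running `find_hidden_links` over the saved HTML of each journal's landing page, with that journal's own host name as `site_host`, lists the anchors to review; a hit means the page source (templates, custom blocks, stored settings) still needs to be inspected for where the markup comes from.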

Hi @unkej,

You should update your OJS; 3.3.0-13 is out of date. There are some known XSS flaws in older versions of OJS 3.3.0-x.

Regards,
Alec Smecher
Public Knowledge Project Team

Thanks @asmecher!
Will 3.3.0.18 be ok? Our admin would like to update only to LTS versions.

Hi @unkej,

Yes, that release should be fine. We actively maintain both 3.3.0-x and 3.4.0-x at the moment, and will provide a window of support for 3.3.0-x even after the next LTS is released (which will be on the 3.5.0 line).

Regards,
Alec Smecher
Public Knowledge Project Team

This topic was automatically closed after 10 days. New replies are no longer allowed.