We’ve recently released OJS 3.1.1-2 and OMP 3.1.1-3, and these releases contain a fix for a reflected XSS vulnerability. See OJS 3.1.1-2 and OMP 3.1.1-3 Released for details.
This is not a critical vulnerability but I do recommend patching or upgrading. Details at the link above.
Public Knowledge Project Team