SQL Injection, JSON injection and XSS detected after SAST execution #11774

kokart · 2025-09-03T09:42:08Z

kokart
Sep 3, 2025

After a SAST execution we have detected differents issues.

These are critical:
SQL_INJECTION.pdf
INJECTION JSON.pdf
CROSS-SITING DOM.pdf

I've attached the related report in Spanish , but the full report shows more issues:

Thank you

asmecher · 2025-09-03T16:49:00Z

asmecher
Sep 3, 2025
Maintainer

@kokart, please see https://github.com/pkp/ojs/blob/main/SECURITY.md for details on responsible disclosure of potential security issues.

The SQL_INJECTION.pdf document relates to code in the Laravel dependency, not our codebase. At a glance, these are false positives -- the queries in question are not supplied with data from remote users. If you're still concerned about them, however, you could submit them to the Laravel project.

If you're willing to replicate these issues and provide details, then they could be valuable; raw reports out of SAST tools typically produce a lot of false positives and are very time-consuming to work with. Especially in Spanish, which is not my strongest language!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SQL Injection, JSON injection and XSS detected after SAST execution #11774

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

SQL Injection, JSON injection and XSS detected after SAST execution #11774

Uh oh!

Uh oh!

kokart Sep 3, 2025

Replies: 1 comment

Uh oh!

asmecher Sep 3, 2025 Maintainer

kokart
Sep 3, 2025

asmecher
Sep 3, 2025
Maintainer