OJS and OMP users: a reflected XSS vulnerability was reported to us affecting OJS 3.0.0 to 3.1.1-1 (inclusive) and OMP 1.2.0 to 3.1.1-2 (inclusive). The risk is not huge, but it is worth patching/upgrading. Latest releases are OK. Instructions at:
https://forum.pkp.sfu.ca/t/xss-vulnerability-alert/
Please post any questions to the linked forum entry and someone will get back to you.