Lucene search

@huntrdevCVELIST:CVE-2023-5626

HistoryOct 17, 2023 - 11:22 p.m.

CVE-2023-5626 Cross-Site Request Forgery (CSRF) in pkp/ojs

2023-10-1723:22:41

CWE-352

@huntrdev

www.cve.org

cve-2023-5626

csrf

github

pkp/ojs

vulnerability

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

24.1%

JSON

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.

CNA Affected

[
  {
    "vendor": "pkp",
    "product": "pkp/ojs",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "3.3.0-16",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/pkp/ojs/commit/99a9f393190383454aa5ddffedffc89596f6c682

huntr.dev/bounties/c99279c1-709a-4e7b-a042-010c2bb44d6b

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

24.1%

JSON

Related for CVELIST:CVE-2023-5626