Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Pkp Web Application Library Security Vulnerabilities

cve
cve

CVE-2023-47271

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.

5.3CVSS

5.2AI Score

0.001EPSS

2023-11-06 12:15 AM
26
cve
cve

CVE-2023-5889

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

8.2CVSS

5.6AI Score

0.001EPSS

2023-11-01 01:15 AM
17
cve
cve

CVE-2023-5890

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

5.4CVSS

4.8AI Score

0.0004EPSS

2023-11-01 01:15 AM
17
cve
cve

CVE-2023-5891

Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

5.4CVSS

5.3AI Score

0.0004EPSS

2023-11-01 01:15 AM
26
cve
cve

CVE-2023-5892

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

5.4CVSS

5.3AI Score

0.0004EPSS

2023-11-01 01:15 AM
17
cve
cve

CVE-2023-5893

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

8.8CVSS

5.4AI Score

0.001EPSS

2023-11-01 01:15 AM
20
cve
cve

CVE-2023-5895

Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

5.4CVSS

4.3AI Score

0.0004EPSS

2023-11-01 01:15 AM
18
cve
cve

CVE-2023-5896

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.

5.4CVSS

4.2AI Score

0.0004EPSS

2023-11-01 01:15 AM
39
cve
cve

CVE-2023-5898

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

8.8CVSS

5.4AI Score

0.001EPSS

2023-11-01 01:15 AM
20
cve
cve

CVE-2023-5899

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

8.8CVSS

5.4AI Score

0.001EPSS

2023-11-01 01:15 AM
39
cve
cve

CVE-2023-5900

Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

4.3CVSS

4.7AI Score

0.0005EPSS

2023-11-07 04:24 AM
13
cve
cve

CVE-2023-5901

Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

4.8CVSS

5AI Score

0.0004EPSS

2023-11-07 04:24 AM
32
cve
cve

CVE-2023-5902

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

4.3CVSS

4.7AI Score

0.0005EPSS

2023-11-07 04:24 AM
6
cve
cve

CVE-2023-5903

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

5.4CVSS

4.2AI Score

0.0004EPSS

2023-11-07 04:24 AM
7
cve
cve

CVE-2023-5904

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

5.4CVSS

4.2AI Score

0.0004EPSS

2023-11-07 04:24 AM
9