13 matches found
PKP-WAL 3.5.0-1 Cross Site Request Forgery
PKP-WAL versions 3.5.0-1 and below suffer from a cross site request forgery vulnerability. PKP-WAL <= 3.5.0-1 Login Cross-Site Request Forgery Vulnerability - Softwar...
EUVD-2023-58173
Malicious code in bioql PyPI...
CVE-2023-5899
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5898
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-47271
PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...
PKP Web Application Library Cross-Site Scripting Vulnerability
The PKP Web Application Library is a library shared by PKP's Open Journal System (OJS), Open Conference System (OCS), Open Monograph Press (OMP), Open Preprint System (OPS), and Open Harvester System (OHS). A cross-site scripting vulnerability exists in versions prior to PKP Web Application Library 3.3.0-1...
PKP Web Application Library Cross-Site Request Forgery Vulnerability
The PKP Web Application Library is a library shared by PKP's Open Journal System (OJS), Open Conference System (OCS), Open Monograph Press (OMP), Open Preprint System (OPS), and Open Harvester System (OHS). A cross-site request forgery vulnerability exists in versions prior to PKP Web Application Library...
PKP Web Application Library Cross-Site Scripting Vulnerability
The PKP Web Application Library is a library shared by PKP's Open Journal System (OJS), Open Conference System (OCS), Open Monograph Press (OMP), Open Preprint System (OPS), and Open Harvester System (OHS). A cross-site scripting vulnerability exists in the PKP Web Application Library prior to version...
PT-2023-32411 · Pkp-Lib · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-site Scripting (XSS) - Stored. This means that an attacker can inject malicious scripts into a website, which are then stored on the server and executed by other user...
PT-2023-32407 · Pkp · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-Site Request Forgery. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolve the issue...
PT-2023-32405 · Pkp · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-Site Request Forgery (CSRF) in the GitHub repository pkp/pkp-lib. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolve...
PT-2023-32410 · Public Knowledge · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious scripts. This can...
PT-2023-32408 · Pkp · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue concerns an Unrestricted Upload of File with Dangerous Type and Cross-site Scripting. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolv...