CVE-2023-5902 Cross-Site Request Forgery (CSRF) in pkp/pkp-lib
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5898 Cross-Site Request Forgery (CSRF) in pkp/pkp-lib
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5899 Cross-Site Request Forgery (CSRF) in pkp/pkp-lib
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5895 Cross-site Scripting (XSS) - DOM in pkp/pkp-lib
Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5895
CVE-2023-5895 affects the PKP library (pkp/pkp-lib) prior to 3.3.0-16, with a DOM-based Cross-site Scripting (XSS) flaw caused by unescaped user input in the web output. Public references in Red Hat and OSV/NVD confirm the issue as XSS in pkp/pkp-lib, tracked across multiple sources. The vulnerab...
CVE-2023-5889 Insufficient Session Expiration in pkp/pkp-lib
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5893 Cross-Site Request Forgery (CSRF) in pkp/pkp-lib
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5891 Cross-site Scripting (XSS) - Reflected in pkp/pkp-lib
Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5890 Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5889
CVE-2023-5889 affects pkp/pkp-lib in versions prior to 3.3.0-16. The issue is described as insufficient session expiration time (session timeout) in the PKP Web Application Library used by PKP projects. Multiple sources (NVD, Red Hat, OSV, CVE lists, PT Security) corroborate the affected version ...
CVE-2023-5891
CVE-2023-5891 is a Cross-site Scripting (XSS) vulnerability in PKP Web Application Library (PKP-lib) prior to version 3.3.0-16. The issue arises from unescaped user input in web responses, enabling reflected XSS attacks in the pkp/pkp-lib component. Affected software is PKP Web Application Librar...
CVE-2023-5893
The CVE-2023-5893 issue affects pkp/pkp-lib versions prior to 3.3.0-16 and is a Cross-Site Request Forgery (CSRF) vulnerability. The PEP/PoC materials indicate CSRF can enable unauthorized state-changing actions on behalf of authenticated users. Public details confirm the vulnerable component is ...
CVE-2023-5890
CVE-2023-5890 affects pkp/pkp-lib (PKP Web Application Library) prior to version 3.3.0-16. The issue is a Stored Cross-site Scripting (XSS) vulnerability arising from unescaped input in the repository, leading to script injection in impacted sites. The public references consistently describe the ...
CVE-2023-5892
CVE-2023-5892 affects PKP Web Application Library (pkp-lib) prior to 3.3.0-16, where input is stored and not escaped, enabling stored XSS in PKP-based systems (e.g., PKP lib used by OJS/OCS/etc.). Root cause: insufficient escaping of stored user input in relevant components of pkp-lib. Impact: cr...