Lucene search
K

2881 matches found

Vulnrichment
Vulnrichment
added 2023/11/01 12:0 a.m.7 views

CVE-2023-5890 Cross-site Scripting (XSS) - Stored in pkp/pkp-lib

Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

4.6CVSS5.3AI score0.00404EPSS
Exploits1References2
CVE
CVE
added 2023/11/01 12:0 a.m.50 views

CVE-2023-5889

CVE-2023-5889 affects pkp/pkp-lib in versions prior to 3.3.0-16. The issue is described as insufficient session expiration time (session timeout) in the PKP Web Application Library used by PKP projects. Multiple sources (NVD, Red Hat, OSV, CVE lists, PT Security) corroborate the affected version ...

8.2CVSS5AI score0.0044EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/11/01 12:0 a.m.64 views

CVE-2023-5893

The CVE-2023-5893 issue affects pkp/pkp-lib versions prior to 3.3.0-16 and is a Cross-Site Request Forgery (CSRF) vulnerability. The PEP/PoC materials indicate CSRF can enable unauthorized state-changing actions on behalf of authenticated users. Public details confirm the vulnerable component is ...

8.8CVSS5.6AI score0.00264EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/11/01 12:0 a.m.51 views

CVE-2023-5890

CVE-2023-5890 affects pkp/pkp-lib (PKP Web Application Library) prior to version 3.3.0-16. The issue is a Stored Cross-site Scripting (XSS) vulnerability arising from unescaped input in the repository, leading to script injection in impacted sites. The public references consistently describe the ...

5.4CVSS4.8AI score0.00404EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/11/01 12:0 a.m.66 views

CVE-2023-5891

CVE-2023-5891 is a Cross-site Scripting (XSS) vulnerability in PKP Web Application Library (PKP-lib) prior to version 3.3.0-16. The issue arises from unescaped user input in web responses, enabling reflected XSS attacks in the pkp/pkp-lib component. Affected software is PKP Web Application Librar...

5.4CVSS5.3AI score0.00404EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/11/01 12:0 a.m.47 views

CVE-2023-5892

CVE-2023-5892 affects PKP Web Application Library (pkp-lib) prior to 3.3.0-16, where input is stored and not escaped, enabling stored XSS in PKP-based systems (e.g., PKP lib used by OJS/OCS/etc.). Root cause: insufficient escaping of stored user input in relevant components of pkp-lib. Impact: cr...

5.4CVSS5.3AI score0.00404EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/11/01 12:0 a.m.18 views

CVE-2023-5889 Insufficient Session Expiration in pkp/pkp-lib

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

4.3CVSS8.5AI score0.0044EPSS
Exploits1References2
OSV
OSV
added 2023/11/01 12:0 a.m.20 views

CVE-2023-5891 Cross-site Scripting (XSS) - Reflected in pkp/pkp-lib

Cross-site Scripting XSS - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

5.4CVSS5.5AI score0.00404EPSS
Exploits1References4
OSV
OSV
added 2023/11/01 12:0 a.m.9 views

CVE-2023-5892 Cross-site Scripting (XSS) - Stored in pkp/pkp-lib

Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

5.4CVSS5.5AI score0.00404EPSS
Exploits1References4
OSV
OSV
added 2023/11/01 12:0 a.m.16 views

CVE-2023-5890 Cross-site Scripting (XSS) - Stored in pkp/pkp-lib

Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

4.6CVSS4.8AI score0.00404EPSS
Exploits1References4
OSV
OSV
added 2023/11/01 12:0 a.m.26 views

CVE-2023-5893 Cross-Site Request Forgery (CSRF) in pkp/pkp-lib

Cross-Site Request Forgery CSRF in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

3.5CVSS4.5AI score0.00264EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.4 views

PT-2023-32406 · Pkp · Pkp-Lib

Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository pkp/pkp-lib. CSRF is an attack that tricks the victim into performing unintended actions on a web application...

8.8CVSS3.9AI score0.00264EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.8 views

PT-2023-32400 · Pkp · Pkp-Lib

Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository pkp/pkp-lib. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolve...

8.8CVSS3.9AI score0.00264EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.5 views

PT-2023-32409 · Pkp · Pkp-Lib

Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository pkp/pkp-lib. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolve...

4.3CVSS4.6AI score0.00255EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.20 views

Ubuntu 16.04 ESM / 18.04 ESM : Kerberos vulnerability (USN-6467-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6467-1 advisory. Robert Morris discovered that Kerberos did not properly handle memory access when processing RPC data through kadmind, which could lead to the freeing...

6.5CVSS7.1AI score0.02107EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.5 views

PT-2023-32402 · Pkp-Lib · Pkp-Lib

Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-site Scripting XSS - DOM in the GitHub repository pkp/pkp-lib. This type of attack occurs when an application includes user input in its output without proper...

5.4CVSS3.5AI score0.00411EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.5 views

PT-2023-32403 · Pkp-Lib · Pkp-Lib

Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.4.0-4 Description: The issue is related to Cross-site Scripting XSS - Stored, which affects the GitHub repository pkp/pkp-lib. Recommendations: For versions prior to 3.4.0-4, update to version 3.4.0-4 or later ...

5.4CVSS3.2AI score0.00338EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.7 views

PT-2023-32396 · Pkp-Lib · Pkp-Lib

Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to insufficient session expiration in the GitHub repository pkp/pkp-lib. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolve...

8.2CVSS4.5AI score0.0044EPSS
Exploits1References7
NVD
NVD
added 2023/10/25 6:17 p.m.54 views

CVE-2023-46135

rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.innerpayloadlen should not above 64. This vulnerability has been patched in version 0.0.8...

7.5CVSS6AI score0.00762EPSS
Exploits1References2
CVE
CVE
added 2023/10/25 12:38 a.m.65 views

CVE-2023-46135

The CVE-2023-46135 issue affects rs-stellar-strkey, a Rust library for Stellar Strkey encoding/decoding. A panic vulnerability occurs during processing of crafted payloads where inner_payload_len should not exceed 64; this condition is the root cause described in various advisories. The vulnerabi...

7.5CVSS6.2AI score0.00762EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder