2881 matches found
CVE-2023-5890 Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5889
CVE-2023-5889 affects pkp/pkp-lib in versions prior to 3.3.0-16. The issue is described as insufficient session expiration time (session timeout) in the PKP Web Application Library used by PKP projects. Multiple sources (NVD, Red Hat, OSV, CVE lists, PT Security) corroborate the affected version ...
CVE-2023-5893
The CVE-2023-5893 issue affects pkp/pkp-lib versions prior to 3.3.0-16 and is a Cross-Site Request Forgery (CSRF) vulnerability. The PEP/PoC materials indicate CSRF can enable unauthorized state-changing actions on behalf of authenticated users. Public details confirm the vulnerable component is ...
CVE-2023-5890
CVE-2023-5890 affects pkp/pkp-lib (PKP Web Application Library) prior to version 3.3.0-16. The issue is a Stored Cross-site Scripting (XSS) vulnerability arising from unescaped input in the repository, leading to script injection in impacted sites. The public references consistently describe the ...
CVE-2023-5891
CVE-2023-5891 is a Cross-site Scripting (XSS) vulnerability in PKP Web Application Library (PKP-lib) prior to version 3.3.0-16. The issue arises from unescaped user input in web responses, enabling reflected XSS attacks in the pkp/pkp-lib component. Affected software is PKP Web Application Librar...
CVE-2023-5892
CVE-2023-5892 affects PKP Web Application Library (pkp-lib) prior to 3.3.0-16, where input is stored and not escaped, enabling stored XSS in PKP-based systems (e.g., PKP lib used by OJS/OCS/etc.). Root cause: insufficient escaping of stored user input in relevant components of pkp-lib. Impact: cr...
CVE-2023-5889 Insufficient Session Expiration in pkp/pkp-lib
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5891 Cross-site Scripting (XSS) - Reflected in pkp/pkp-lib
Cross-site Scripting XSS - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5892 Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5890 Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5893 Cross-Site Request Forgery (CSRF) in pkp/pkp-lib
Cross-Site Request Forgery CSRF in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
PT-2023-32406 · Pkp · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository pkp/pkp-lib. CSRF is an attack that tricks the victim into performing unintended actions on a web application...
PT-2023-32400 · Pkp · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository pkp/pkp-lib. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolve...
PT-2023-32409 · Pkp · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository pkp/pkp-lib. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolve...
Ubuntu 16.04 ESM / 18.04 ESM : Kerberos vulnerability (USN-6467-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6467-1 advisory. Robert Morris discovered that Kerberos did not properly handle memory access when processing RPC data through kadmind, which could lead to the freeing...
PT-2023-32402 · Pkp-Lib · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-site Scripting XSS - DOM in the GitHub repository pkp/pkp-lib. This type of attack occurs when an application includes user input in its output without proper...
PT-2023-32403 · Pkp-Lib · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.4.0-4 Description: The issue is related to Cross-site Scripting XSS - Stored, which affects the GitHub repository pkp/pkp-lib. Recommendations: For versions prior to 3.4.0-4, update to version 3.4.0-4 or later ...
PT-2023-32396 · Pkp-Lib · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp/pkp-lib versions prior to 3.3.0-16 Description: The issue is related to insufficient session expiration in the GitHub repository pkp/pkp-lib. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolve...
CVE-2023-46135
rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.innerpayloadlen should not above 64. This vulnerability has been patched in version 0.0.8...
CVE-2023-46135
The CVE-2023-46135 issue affects rs-stellar-strkey, a Rust library for Stellar Strkey encoding/decoding. A panic vulnerability occurs during processing of crafted payloads where inner_payload_len should not exceed 64; this condition is the root cause described in various advisories. The vulnerabi...