← Back

Pkp Web Application Library

pkp_web_application_library

Vendor: Sfu • 12 CVEs

CVEs (12)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-5904
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 7, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5903
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 7, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5902
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5901
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 7, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5900
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-47271
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 6, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export pl...Show more
PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.Show less
CVE-2023-5896
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 1, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.
CVE-2023-5895
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 1, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5893
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 1, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5892
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 1, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5891
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 1, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5890
1Sfu
1Pkp Web Application Library
Nov 21, 2024
Nov 1, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.