Skip to main content

Pkp Web Application Library CVE-2023-47271

MEDIUM
2023-11-06 cve@mitre.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 06, 2023 - 00:15 nvd
MEDIUM 5.3

DescriptionNVD

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.

AnalysisAI

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image. Affected products include: Sfu Pkp Web Application Library. Version information: before 3.3.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-5899 HIGH POC
8.8 Nov 01

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.8), th

CVE-2023-5898 HIGH POC
8.8 Nov 01

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.8), th

CVE-2023-5893 HIGH POC
8.8 Nov 01

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.8), th

CVE-2023-5889 HIGH POC
8.2 Nov 01

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.2), this

CVE-2023-5904 MEDIUM POC
5.4 Nov 07

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4)

CVE-2023-5903 MEDIUM POC
5.4 Nov 07

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4)

CVE-2023-5896 MEDIUM POC
5.4 Nov 01

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. Rated medium severity (CVSS 5.4),

CVE-2023-5895 MEDIUM POC
5.4 Nov 01

Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), t

CVE-2023-5892 MEDIUM POC
5.4 Nov 01

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4)

CVE-2023-5891 MEDIUM POC
5.4 Nov 01

Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5

CVE-2023-5890 MEDIUM POC
5.4 Nov 01

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4)

CVE-2023-5901 MEDIUM POC
4.8 Nov 07

Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.8), this vulnerab

Share

CVE-2023-47271 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy