Skip to main content

Pkp Web Application Library

15 CVEs product

Monthly

CVE-2023-5904 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5903 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5902 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-5901 MEDIUM POC PATCH This Month

Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5900 MEDIUM POC PATCH This Month

Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-47271 MEDIUM PATCH This Month

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5899 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5898 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5896 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-5895 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5893 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5892 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5891 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5890 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5889 HIGH POC PATCH This Week

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pkp Web Application Library
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pkp Web Application Library
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy