Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-6671: Cross-Site Request Forgery on OPEN JOURNAL SYSTEMS

A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

CVE
#csrf#vulnerability#web#js#auth

Affected Resources

OPEN JOURNAL SYSTEMS, version 3.3.0.13.

Description

INCIBE has coordinated the publication of a vulnerability affecting OJS (OPEN JOURNAL SYSTEMS), an open source solution for the management and publication of online academic journals, in its version 3.3.0.13, which has been discovered by David Cámara Galindo, from Telefónica Tech.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

  • CVE-2023-6671: CVSS v3.1: 6.3 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-352.

Solution

There is no reported solution at this time.

Detail

  • CVE-2023-6671: a vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907