Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-5889

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE
#git
CVE-2023-5897: https://github.com/pkp/customLocale/issues/27 Add CSRF checking · pkp/customLocale@407ba30

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1.

CVE-2023-5896

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.

CVE-2023-5894: pkp/pkp-lib#9283 Correctly escape special characters in issue title (… · pkp/ojs@66927de

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.

CVE-2023-5891: pkp/pkp-lib#9306 Escape context names in form field labels · pkp/pkp-lib@d4111c4

Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5893

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5892

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5899

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5898

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5895

Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.