Lucene search

Sfu Security Vulnerabilities

cve

CVE-2023-5900

Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to...

4.3CVSS

4.7AI Score

0.0005EPSS

2023-11-07 04:24 AM

cve

CVE-2023-5901

Cross-site Scripting in GitHub repository pkp/pkp-lib prior to...

4.8CVSS

5AI Score

0.0004EPSS

2023-11-07 04:24 AM

cve

CVE-2023-47271

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover...

5.3CVSS

5.2AI Score

0.001EPSS

2023-11-06 12:15 AM

cve

CVE-2023-5904

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to...

5.4CVSS

4.2AI Score

0.0004EPSS

2023-11-07 04:24 AM

cve

CVE-2023-5902

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to...

4.3CVSS

4.7AI Score

0.0005EPSS

2023-11-07 04:24 AM

cve

CVE-2023-5903

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to...

5.4CVSS

4.2AI Score

0.0004EPSS

2023-11-07 04:24 AM

cve

CVE-2023-5890

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to...

5.4CVSS

4.8AI Score

0.0004EPSS

2023-11-01 01:15 AM

cve

CVE-2023-5891

Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to...

5.4CVSS

5.3AI Score

0.0004EPSS

2023-11-01 01:15 AM

cve

CVE-2023-5893

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to...

8.8CVSS

5.4AI Score

0.001EPSS

2023-11-01 01:15 AM

cve

CVE-2023-5892

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to...

5.4CVSS

5.3AI Score

0.0004EPSS

2023-11-01 01:15 AM

cve

CVE-2023-5894

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to...

5.4CVSS

4.3AI Score

0.0004EPSS

2023-11-01 01:15 AM

cve

CVE-2023-5895

Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to...

5.4CVSS

4.3AI Score

0.0004EPSS

2023-11-01 01:15 AM

cve

CVE-2023-5897

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to...

8.8CVSS

7AI Score

0.001EPSS

2023-11-01 01:15 AM

cve

CVE-2023-5896

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to...

5.4CVSS

4.2AI Score

0.0004EPSS

2023-11-01 01:15 AM

cve

CVE-2023-5626

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to...

8.8CVSS

6.2AI Score

0.001EPSS

2023-10-18 12:15 AM

cve

CVE-2019-19909

An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is...

8.8CVSS

8.7AI Score

0.005EPSS

2019-12-19 07:15 PM

cve

CVE-2018-12229

Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author...

6.1CVSS

6AI Score

0.002EPSS

2018-06-12 11:29 AM