CVE-2023-5903

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5903
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://huntr.com/bounties/5c147ff8-3cc4-4f21-9f1c-13fd50957dad Exploit Third Party Advisory
https://github.com/pkp/pkp-lib/commit/8b26ee404af3b11803a40e904f985f0a0b215a5c Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:sfu:pkp_web_application_library:*:*:*:*:*:*:*:*
Information

Published : 2023-11-07 04:24

Updated : 2023-11-13 15:21

NVD link : CVE-2023-5903

Mitre link : CVE-2023-5903

JSON object : View

Products Affected

sfu

  • pkp_web_application_library
CWE

No CWE.