CVE-2023-5895

Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

References

Link	Resource
https://github.com/pkp/pkp-lib/commit/83fa560d6fb54458b312addd23a91ee6520dbe63	Patch
https://huntr.com/bounties/2cc80417-32b2-4024-bbcd-d95a039c11ae	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sfu:pkp_web_application_library:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-01 01:15

Updated : 2023-11-08 23:25

NVD link : CVE-2023-5895

Mitre link : CVE-2023-5895

CVE.ORG link : CVE-2023-5895

JSON object : View

Products Affected

sfu

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')