VYPR

Pkp Lib

by Pkp

CVEs (19)

  • CVE-2024-46326 | Med | Oct 21, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to an open redirect due to a lack of input sanitization in the logout function.

  • CVE-2025-13469 | Low | Nov 20, 2025
    risk 0.16 | cvss 2.4 | epss 0.00

    A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the…

  • CVE-2023-47271 | Nov 5, 2023
    risk 0.00 | cvss (not listed) | epss 0.01

    PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an…

  • CVE-2023-5904 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5903 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5900 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5901 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5898 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5902 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5896 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.

  • CVE-2023-5899 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5895 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5889 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5891 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5892 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5893 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-5890 | Nov 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2023-4695 | Sep 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.01

    Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

  • CVE-2019-19909 | Dec 19, 2019
    risk 0.00 | cvss (not listed) | epss 0.01

    An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.