Pkp Lib
by Pkp
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-46326 | | Med | 0.40 | 6.1 | 0.00 | | Oct 21, 2024 | Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function. |
| CVE-2025-13469 | | Low | 0.16 | 2.4 | 0.00 | | Nov 20, 2025 | A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the… |
| CVE-2023-47271 | | | 0.00 | — | 0.01 | | Nov 5, 2023 | PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an… |
| CVE-2023-5904 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5903 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5900 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5901 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5898 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5902 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5896 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. |
| CVE-2023-5899 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5895 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5889 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5891 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5892 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5893 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5890 | | | 0.00 | — | 0.00 | | Nov 1, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-4695 | | | 0.00 | — | 0.01 | | Sep 1, 2023 | Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2019-19909 | | | 0.00 | — | 0.01 | | Dec 19, 2019 | An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used. |