CVE-2023-5626 LOW

CVE-2023-5626: Cross-Site Request Forgery (CSRF) in pkp/ojs

Vendor Pkp

Product pkp/ojs

Weakness CWE-352 · CSRF

Published October 17, 2023

Last update September 13, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.

Key dates

02Disclosure timeline

October 17, 2023 CVE published

September 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5626 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2019-1722 Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability CVE-2022-1603 Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF CVE-2026-39603 WordPress Grand Photography theme <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-39925 WordPress Community by PeepSo Plugin <= 6.1.6.0 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-5975 ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Plugin Settings Change via ajax