What the vulnerability does
01Description
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5890
MEDIUM
CVE-2023-5890: Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
CVSS base score
4.6/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Key dates
02Disclosure timeline
November 1, 2023
CVE published
February 27, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-64850 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-50043 WordPress Code Engine plugin <= 0.3.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-15654 WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-26060 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-58091
