What the vulnerability does
01Description
Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS base score
3.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Key dates
02Disclosure timeline
November 1, 2023
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-29098 WordPress WP Calameo plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-12077 WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage
CVE-2022-40968 WordPress 2kb Amazon Affiliates Store Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2021-32764 YouTube Onebox susceptible to XSS
CVE-2023-7259 zzdevelop lenosp Adduser Page cross site scripting
