What the vulnerability does
01Description
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5903
LOW
CVE-2023-5903: Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
CVSS base score
2.7/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
November 1, 2023
CVE published
February 27, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-21311 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-11865 Tabs Maker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2022-43480 WordPress Homepage Pop-up Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2025-23072 XSS in Special:RefreshSpecial
CVE-2023-24508 Remote Code Execution in Baicells RTS Platform
