CVE

CVE-2023-5896

Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.

Source: CVE-2023-5896

CVE-2023-5895

Cross-site Scripting (XSS) – DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Source: CVE-2023-5895

CVE-2023-5894

Cross-site Scripting (XSS) – Stored in GitHub repository pkp/ojs prior to 3.3.0-16.

Source: CVE-2023-5894

CVE-2023-5893

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Source: CVE-2023-5893

CVE-2023-5892

Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Source: CVE-2023-5892

CVE-2023-5891

Cross-site Scripting (XSS) – Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Source: CVE-2023-5891

CVE-2023-5890

Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Source: CVE-2023-5890

CVE-2023-5889

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Source: CVE-2023-5889

CVE-2023-47094

An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Account Plans tab of System Settings via the Plan Name field. Whenever the module is accessed, the XSS payload is executed.

Source: CVE-2023-47094

CVE-2023-47095

An issue was discovered in Virtualmin 7.7. The Custom Fields feature of Edit Virtual Server under System Customization allows XSS.

Source: CVE-2023-47095