Search

Find a vulnerability

Search criteria

    1606 vulnerabilities

    CVE-2023-5948 (GCVE-0-2023-5948)

    Vulnerability from cvelistv5 – Published: 2023-11-03 06:40 – Updated: 2024-09-05 14:32
    VLAI
    Title
    Improper Authorization in teamamaze/amazefileutilities
    Summary
    Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    teamamaze teamamaze/amazefileutilities Affected: unspecified , < 1.91 (custom)
    Create a notification for this product.
    teamamaze amaze_file_utilities Affected: 0 , < 1.91 (custom)
        cpe:2.3:a:teamamaze:amaze_file_utilities:*:*:*:*:*:android:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:25.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:teamamaze:amaze_file_utilities:*:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "amaze_file_utilities",
                "vendor": "teamamaze",
                "versions": [
                  {
                    "lessThan": "1.91",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5948",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T14:22:07.254600Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T14:32:26.617Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "teamamaze/amazefileutilities",
              "vendor": "teamamaze",
              "versions": [
                {
                  "lessThan": "1.91",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-03T06:40:02.720Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692"
            },
            {
              "url": "https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7"
            }
          ],
          "source": {
            "advisory": "ac1363b5-207b-40d9-aac5-e66d6213f692",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authorization in teamamaze/amazefileutilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5948",
        "datePublished": "2023-11-03T06:40:02.720Z",
        "dateReserved": "2023-11-03T06:39:51.066Z",
        "dateUpdated": "2024-09-05T14:32:26.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5904 (GCVE-0-2023-5904)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:01 – Updated: 2025-02-27 20:37
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.958Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/4df6bce6-dbe3-48e4-9830-e95cdc5138b6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/aa5c6acb634fbe460765facb2dc26df4b0d7424b"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5904",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:31:58.509447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:37:13.412Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:01:44.457Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/4df6bce6-dbe3-48e4-9830-e95cdc5138b6"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/aa5c6acb634fbe460765facb2dc26df4b0d7424b"
            }
          ],
          "source": {
            "advisory": "4df6bce6-dbe3-48e4-9830-e95cdc5138b6",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5904",
        "datePublished": "2023-11-01T00:01:44.457Z",
        "dateReserved": "2023-11-01T00:01:39.559Z",
        "dateUpdated": "2025-02-27T20:37:13.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5903 (GCVE-0-2023-5903)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:37
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/5c147ff8-3cc4-4f21-9f1c-13fd50957dad"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/8b26ee404af3b11803a40e904f985f0a0b215a5c"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5903",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:31:59.695620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:37:20.941Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:42.777Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/5c147ff8-3cc4-4f21-9f1c-13fd50957dad"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/8b26ee404af3b11803a40e904f985f0a0b215a5c"
            }
          ],
          "source": {
            "advisory": "5c147ff8-3cc4-4f21-9f1c-13fd50957dad",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5903",
        "datePublished": "2023-11-01T00:00:42.777Z",
        "dateReserved": "2023-11-01T00:00:38.225Z",
        "dateUpdated": "2025-02-27T20:37:20.941Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5900 (GCVE-0-2023-5900)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2024-12-03 14:36
    VLAI
    Title
    Cross-Site Request Forgery in pkp/pkp-lib
    Summary
    Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.703Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/4d77a00be9050fac7eb8d2d1cbedcdaaa1a5a803"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5900",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-25T19:23:32.591129Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:36:06.991Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-16T21:09:35.708Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/4d77a00be9050fac7eb8d2d1cbedcdaaa1a5a803"
            }
          ],
          "source": {
            "advisory": "c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery in pkp/pkp-lib",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5900",
        "datePublished": "2023-11-01T00:00:42.738Z",
        "dateReserved": "2023-11-01T00:00:37.641Z",
        "dateUpdated": "2024-12-03T14:36:06.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5901 (GCVE-0-2023-5901)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2024-08-02 08:14
    VLAI
    Title
    Cross-site Scripting in pkp/pkp-lib
    Summary
    Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/8fb9b06b-cadd-469e-862d-5ce026019597"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/44d8bde60eb2575fd4087b76540aec9b49389e23"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.\u003c/p\u003e"
                }
              ],
              "value": "Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-16T21:10:09.782Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/8fb9b06b-cadd-469e-862d-5ce026019597"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/44d8bde60eb2575fd4087b76540aec9b49389e23"
            }
          ],
          "source": {
            "advisory": "8fb9b06b-cadd-469e-862d-5ce026019597",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting in pkp/pkp-lib",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5901",
        "datePublished": "2023-11-01T00:00:42.521Z",
        "dateReserved": "2023-11-01T00:00:37.952Z",
        "dateUpdated": "2024-08-02T08:14:24.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5897 (GCVE-0-2023-5897)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:37
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in pkp/customLocale
    Summary
    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/customLocale Affected: unspecified , < 1.2.0-1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/7c215b8e-63f6-4146-b8e3-8482c731876f"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/customLocale/commit/407ba30f12f78efe79122591c1d85709c10b6831"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5897",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:00.927354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:37:26.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/customLocale",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "1.2.0-1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:41.904Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/7c215b8e-63f6-4146-b8e3-8482c731876f"
            },
            {
              "url": "https://github.com/pkp/customLocale/commit/407ba30f12f78efe79122591c1d85709c10b6831"
            }
          ],
          "source": {
            "advisory": "7c215b8e-63f6-4146-b8e3-8482c731876f",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in pkp/customLocale"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5897",
        "datePublished": "2023-11-01T00:00:41.904Z",
        "dateReserved": "2023-11-01T00:00:37.411Z",
        "dateUpdated": "2025-02-27T20:37:26.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5898 (GCVE-0-2023-5898)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:37
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in pkp/pkp-lib
    Summary
    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/19801d12-b8ad-45e7-86e1-8f0230667c9e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/01feef7a9392d314bf75b97a7e099cf0a307acd9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5898",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:02.137793Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:37:32.347Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:41.808Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/19801d12-b8ad-45e7-86e1-8f0230667c9e"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/01feef7a9392d314bf75b97a7e099cf0a307acd9"
            }
          ],
          "source": {
            "advisory": "19801d12-b8ad-45e7-86e1-8f0230667c9e",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5898",
        "datePublished": "2023-11-01T00:00:41.808Z",
        "dateReserved": "2023-11-01T00:00:37.528Z",
        "dateUpdated": "2025-02-27T20:37:32.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5902 (GCVE-0-2023-5902)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:37
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in pkp/pkp-lib
    Summary
    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/8b93c7bf-5052-424a-85cc-7e5491c61f20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/2d04e770d2bbbdd899fdec382fbf2a1d4a4ffec8"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5902",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:03.286465Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:37:40.078Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:41.753Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/8b93c7bf-5052-424a-85cc-7e5491c61f20"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/2d04e770d2bbbdd899fdec382fbf2a1d4a4ffec8"
            }
          ],
          "source": {
            "advisory": "8b93c7bf-5052-424a-85cc-7e5491c61f20",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5902",
        "datePublished": "2023-11-01T00:00:41.753Z",
        "dateReserved": "2023-11-01T00:00:38.082Z",
        "dateUpdated": "2025-02-27T20:37:40.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5896 (GCVE-0-2023-5896)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:37
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.4.0-4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/a1f05be5-24ed-4ec5-9858-fce4233f7bb1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/18b318f83105ffa7fa214179f8e20507b0754236"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5896",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:04.566744Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:37:46.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.4.0-4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:41.580Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/a1f05be5-24ed-4ec5-9858-fce4233f7bb1"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/18b318f83105ffa7fa214179f8e20507b0754236"
            }
          ],
          "source": {
            "advisory": "a1f05be5-24ed-4ec5-9858-fce4233f7bb1",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5896",
        "datePublished": "2023-11-01T00:00:41.580Z",
        "dateReserved": "2023-11-01T00:00:37.367Z",
        "dateUpdated": "2025-02-27T20:37:46.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5899 (GCVE-0-2023-5899)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:37
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in pkp/pkp-lib
    Summary
    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/0c7f1981-3bba-4508-a07e-4cb9a2553216"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/04e0e0eaeacd5d754b2f39c42148b31f646113c5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5899",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:05.749784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:37:53.080Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:41.225Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/0c7f1981-3bba-4508-a07e-4cb9a2553216"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/04e0e0eaeacd5d754b2f39c42148b31f646113c5"
            }
          ],
          "source": {
            "advisory": "0c7f1981-3bba-4508-a07e-4cb9a2553216",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5899",
        "datePublished": "2023-11-01T00:00:41.225Z",
        "dateReserved": "2023-11-01T00:00:37.615Z",
        "dateUpdated": "2025-02-27T20:37:53.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5895 (GCVE-0-2023-5895)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:37
    VLAI
    Title
    Cross-site Scripting (XSS) - DOM in pkp/pkp-lib
    Summary
    Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/2cc80417-32b2-4024-bbcd-d95a039c11ae"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/83fa560d6fb54458b312addd23a91ee6520dbe63"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5895",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:06.971377Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:37:59.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:19.147Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/2cc80417-32b2-4024-bbcd-d95a039c11ae"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/83fa560d6fb54458b312addd23a91ee6520dbe63"
            }
          ],
          "source": {
            "advisory": "2cc80417-32b2-4024-bbcd-d95a039c11ae",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - DOM in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5895",
        "datePublished": "2023-11-01T00:00:19.147Z",
        "dateReserved": "2023-11-01T00:00:07.157Z",
        "dateUpdated": "2025-02-27T20:37:59.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5894 (GCVE-0-2023-5894)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:38
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in pkp/ojs
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/ojs Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/aba3ba5b-aa6b-4076-b663-4237b4a0761d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/ojs/commit/66927de1a82e3a3004db9741d1505ddac0980e63"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5894",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:08.305481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:38:04.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/ojs",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:18.898Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/aba3ba5b-aa6b-4076-b663-4237b4a0761d"
            },
            {
              "url": "https://github.com/pkp/ojs/commit/66927de1a82e3a3004db9741d1505ddac0980e63"
            }
          ],
          "source": {
            "advisory": "aba3ba5b-aa6b-4076-b663-4237b4a0761d",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in pkp/ojs"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5894",
        "datePublished": "2023-11-01T00:00:18.898Z",
        "dateReserved": "2023-11-01T00:00:06.923Z",
        "dateUpdated": "2025-02-27T20:38:04.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5889 (GCVE-0-2023-5889)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2024-09-12 19:46
    VLAI
    Title
    Insufficient Session Expiration in pkp/pkp-lib
    Summary
    Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/fba2991a-1b8a-4c89-9689-d708526928e1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/32d071ef2090fc336bc17d56a86d1dff90c26f0b"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5889",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T19:47:37.415878Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:46:53.033Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:18.857Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/fba2991a-1b8a-4c89-9689-d708526928e1"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/32d071ef2090fc336bc17d56a86d1dff90c26f0b"
            }
          ],
          "source": {
            "advisory": "fba2991a-1b8a-4c89-9689-d708526928e1",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient Session Expiration in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5889",
        "datePublished": "2023-11-01T00:00:18.857Z",
        "dateReserved": "2023-11-01T00:00:06.287Z",
        "dateUpdated": "2024-09-12T19:46:53.033Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5891 (GCVE-0-2023-5891)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:38
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in pkp/pkp-lib
    Summary
    Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/ce4956e4-9ef5-4e0e-bfb2-481ec5cfb0a5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/d4111c4d0eef783f1ed2e55654a5b83d9d527d97"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5891",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:09.552411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:38:11.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:18.684Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/ce4956e4-9ef5-4e0e-bfb2-481ec5cfb0a5"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/d4111c4d0eef783f1ed2e55654a5b83d9d527d97"
            }
          ],
          "source": {
            "advisory": "ce4956e4-9ef5-4e0e-bfb2-481ec5cfb0a5",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5891",
        "datePublished": "2023-11-01T00:00:18.684Z",
        "dateReserved": "2023-11-01T00:00:06.555Z",
        "dateUpdated": "2025-02-27T20:38:11.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5892 (GCVE-0-2023-5892)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:38
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.631Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/16719252-d88d-43cc-853a-24ff75a067d8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/a0485a5c7410821e0432c079ca676ee6026bffb9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5892",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:10.890276Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:38:17.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:18.543Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/16719252-d88d-43cc-853a-24ff75a067d8"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/a0485a5c7410821e0432c079ca676ee6026bffb9"
            }
          ],
          "source": {
            "advisory": "16719252-d88d-43cc-853a-24ff75a067d8",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5892",
        "datePublished": "2023-11-01T00:00:18.543Z",
        "dateReserved": "2023-11-01T00:00:06.683Z",
        "dateUpdated": "2025-02-27T20:38:17.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5893 (GCVE-0-2023-5893)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:38
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in pkp/pkp-lib
    Summary
    Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.828Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/a965aa16-79ce-4185-8f58-3d3b0d74a71e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/992ca674e9fb705751b1cbf929a1856ebe29b30a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5893",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:12.351455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:38:24.420Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:18.533Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/a965aa16-79ce-4185-8f58-3d3b0d74a71e"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/992ca674e9fb705751b1cbf929a1856ebe29b30a"
            }
          ],
          "source": {
            "advisory": "a965aa16-79ce-4185-8f58-3d3b0d74a71e",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5893",
        "datePublished": "2023-11-01T00:00:18.533Z",
        "dateReserved": "2023-11-01T00:00:06.784Z",
        "dateUpdated": "2025-02-27T20:38:24.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5890 (GCVE-0-2023-5890)

    Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2025-02-27 20:38
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in pkp/pkp-lib
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/b60e6e1f-e44d-4b11-acf8-b0548b915686"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pkp/pkp-lib/commit/a868f1cdd98a4f1255a70fd6d8320511e0083f38"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5890",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:13.608343Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:38:32.041Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pkp/pkp-lib",
              "vendor": "pkp",
              "versions": [
                {
                  "lessThan": "3.3.0-16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-01T00:00:18.404Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/b60e6e1f-e44d-4b11-acf8-b0548b915686"
            },
            {
              "url": "https://github.com/pkp/pkp-lib/commit/a868f1cdd98a4f1255a70fd6d8320511e0083f38"
            }
          ],
          "source": {
            "advisory": "b60e6e1f-e44d-4b11-acf8-b0548b915686",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in pkp/pkp-lib"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5890",
        "datePublished": "2023-11-01T00:00:18.404Z",
        "dateReserved": "2023-11-01T00:00:06.498Z",
        "dateUpdated": "2025-02-27T20:38:32.041Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5873 (GCVE-0-2023-5873)

    Vulnerability from cvelistv5 – Published: 2023-10-31 08:06 – Updated: 2025-02-27 20:38
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in pimcore/pimcore
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    pimcore pimcore/pimcore Affected: unspecified , < 11.1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5873",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:14.898853Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:38:44.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pimcore/pimcore",
              "vendor": "pimcore",
              "versions": [
                {
                  "lessThan": "11.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T08:06:44.834Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce"
            },
            {
              "url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
            }
          ],
          "source": {
            "advisory": "701cfc30-22a1-4c4b-9b2f-885c77c290ce",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5873",
        "datePublished": "2023-10-31T08:06:44.834Z",
        "dateReserved": "2023-10-31T08:06:32.067Z",
        "dateUpdated": "2025-02-27T20:38:44.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5866 (GCVE-0-2023-5866)

    Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2024-09-05 19:57
    VLAI
    Title
    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
    Summary
    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    Assigner
    Impacted products
    Vendor Product Version
    thorsten thorsten/phpmyfaq Affected: unspecified , < 3.2.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5866",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T19:56:51.380216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T19:57:57.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "thorsten/phpmyfaq",
              "vendor": "thorsten",
              "versions": [
                {
                  "lessThan": "3.2.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-614",
                  "description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T00:00:42.138Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945"
            },
            {
              "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55"
            }
          ],
          "source": {
            "advisory": "ec44bcba-ae7f-497a-851e-8165ecf56945",
            "discovery": "EXTERNAL"
          },
          "title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in thorsten/phpmyfaq"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5866",
        "datePublished": "2023-10-31T00:00:42.138Z",
        "dateReserved": "2023-10-31T00:00:37.064Z",
        "dateUpdated": "2024-09-05T19:57:57.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5867 (GCVE-0-2023-5867)

    Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2025-02-27 20:38
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    thorsten thorsten/phpmyfaq Affected: unspecified , < 3.2.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.815Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5867",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:32:16.168512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:38:50.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "thorsten/phpmyfaq",
              "vendor": "thorsten",
              "versions": [
                {
                  "lessThan": "3.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T00:00:41.524Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0"
            },
            {
              "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3"
            }
          ],
          "source": {
            "advisory": "5c09b32e-a041-4a1e-a277-eb3e80967df0",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5867",
        "datePublished": "2023-10-31T00:00:41.524Z",
        "dateReserved": "2023-10-31T00:00:37.828Z",
        "dateUpdated": "2025-02-27T20:38:50.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5865 (GCVE-0-2023-5865)

    Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2024-09-17 13:35
    VLAI
    Title
    Insufficient Session Expiration in thorsten/phpmyfaq
    Summary
    Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    Impacted products
    Vendor Product Version
    thorsten thorsten/phpmyfaq Affected: unspecified , < 3.2.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.309Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5865",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T14:18:18.925983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T13:35:48.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "thorsten/phpmyfaq",
              "vendor": "thorsten",
              "versions": [
                {
                  "lessThan": "3.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T00:00:40.896Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff"
            },
            {
              "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5"
            }
          ],
          "source": {
            "advisory": "4c4b7395-d9fd-4ca0-98d7-2e20c1249aff",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient Session Expiration in thorsten/phpmyfaq"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5865",
        "datePublished": "2023-10-31T00:00:40.896Z",
        "dateReserved": "2023-10-31T00:00:36.972Z",
        "dateUpdated": "2024-09-17T13:35:48.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5864 (GCVE-0-2023-5864)

    Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2024-09-17 13:55
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    thorsten thorsten/phpmyfaq Affected: unspecified , < 3.2.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T13:54:56.451025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T13:55:06.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "thorsten/phpmyfaq",
              "vendor": "thorsten",
              "versions": [
                {
                  "lessThan": "3.2.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T00:00:19.789Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad"
            },
            {
              "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa"
            }
          ],
          "source": {
            "advisory": "e4b0e8f4-5e06-49d1-832f-5756573623ad",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5864",
        "datePublished": "2023-10-31T00:00:19.789Z",
        "dateReserved": "2023-10-31T00:00:07.416Z",
        "dateUpdated": "2024-09-17T13:55:06.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5863 (GCVE-0-2023-5863)

    Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2024-09-05 17:50
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
    Summary
    Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    thorsten thorsten/phpmyfaq Affected: unspecified , < 3.2.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.308Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5863",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T17:50:00.906566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T17:50:14.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "thorsten/phpmyfaq",
              "vendor": "thorsten",
              "versions": [
                {
                  "lessThan": "3.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T00:00:19.197Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f"
            },
            {
              "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f"
            }
          ],
          "source": {
            "advisory": "fbfd4e84-61fb-4063-8f11-15877b8c1f6f",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5863",
        "datePublished": "2023-10-31T00:00:19.197Z",
        "dateReserved": "2023-10-31T00:00:06.770Z",
        "dateUpdated": "2024-09-05T17:50:14.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5861 (GCVE-0-2023-5861)

    Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2024-09-05 17:52
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in microweber/microweber
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    microweber microweber/microweber Affected: unspecified , < 2.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5861",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T17:52:21.787701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T17:52:50.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "microweber/microweber",
              "vendor": "microweber",
              "versions": [
                {
                  "lessThan": "2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T00:00:18.866Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220"
            },
            {
              "url": "https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26"
            }
          ],
          "source": {
            "advisory": "7baecef8-6c59-42fc-bced-886c4929e220",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in microweber/microweber"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5861",
        "datePublished": "2023-10-31T00:00:18.866Z",
        "dateReserved": "2023-10-31T00:00:06.133Z",
        "dateUpdated": "2024-09-05T17:52:50.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5862 (GCVE-0-2023-5862)

    Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2024-09-05 17:54
    VLAI
    Title
    Missing Authorization in hamza417/inure
    Summary
    Missing Authorization in GitHub repository hamza417/inure prior to Build95.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < Build95 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5862",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T17:53:30.720082Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T17:54:32.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "Build95",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository hamza417/inure prior to Build95."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T00:00:18.766Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6"
            }
          ],
          "source": {
            "advisory": "0e517db6-d8ba-4cb9-9339-7991dda52e6d",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5862",
        "datePublished": "2023-10-31T00:00:18.766Z",
        "dateReserved": "2023-10-31T00:00:06.449Z",
        "dateUpdated": "2024-09-05T17:54:32.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5833 (GCVE-0-2023-5833)

    Vulnerability from cvelistv5 – Published: 2023-10-30 12:24 – Updated: 2024-09-06 18:05
    VLAI
    Title
    Improper Access Control in mintplex-labs/anything-llm
    Summary
    Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    mintplex-labs mintplex-labs/anything-llm Affected: unspecified , < 0.1.0 (custom)
    Create a notification for this product.
    mintplexlabs anythingllm Affected: 0 , < 0.1.0 (custom)
        cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.079Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/00ec6847-125b-43e9-9658-d3cace1751d6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mintplex-labs/anything-llm/commit/d5b1f84a4c7991987eac3454d4f1b4067841d783"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "anythingllm",
                "vendor": "mintplexlabs",
                "versions": [
                  {
                    "lessThan": "0.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5833",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T17:45:51.357180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T18:05:19.093Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mintplex-labs/anything-llm",
              "vendor": "mintplex-labs",
              "versions": [
                {
                  "lessThan": "0.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-30T12:24:14.973Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/00ec6847-125b-43e9-9658-d3cace1751d6"
            },
            {
              "url": "https://github.com/mintplex-labs/anything-llm/commit/d5b1f84a4c7991987eac3454d4f1b4067841d783"
            }
          ],
          "source": {
            "advisory": "00ec6847-125b-43e9-9658-d3cace1751d6",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in mintplex-labs/anything-llm"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5833",
        "datePublished": "2023-10-30T12:24:14.973Z",
        "dateReserved": "2023-10-27T18:46:20.863Z",
        "dateUpdated": "2024-09-06T18:05:19.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5832 (GCVE-0-2023-5832)

    Vulnerability from cvelistv5 – Published: 2023-10-30 12:24 – Updated: 2024-09-06 18:06
    VLAI
    Title
    Improper Input Validation in mintplex-labs/anything-llm
    Summary
    Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    mintplex-labs mintplex-labs/anything-llm Affected: unspecified , < 0.1.0 (custom)
    Create a notification for this product.
    mintplexlabs anythingllm Affected: 0 , < 0.1.0 (custom)
        cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/afee3726-571f-416e-bba5-0828c815f5df"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/mintplex-labs/anything-llm/commit/18798c5b640018aaee924e0afd941705d88df92e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "anythingllm",
                "vendor": "mintplexlabs",
                "versions": [
                  {
                    "lessThan": "0.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5832",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T17:46:13.626083Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T18:06:11.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mintplex-labs/anything-llm",
              "vendor": "mintplex-labs",
              "versions": [
                {
                  "lessThan": "0.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-30T12:24:09.831Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/afee3726-571f-416e-bba5-0828c815f5df"
            },
            {
              "url": "https://github.com/mintplex-labs/anything-llm/commit/18798c5b640018aaee924e0afd941705d88df92e"
            }
          ],
          "source": {
            "advisory": "afee3726-571f-416e-bba5-0828c815f5df",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in mintplex-labs/anything-llm"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5832",
        "datePublished": "2023-10-30T12:24:09.831Z",
        "dateReserved": "2023-10-27T18:44:47.169Z",
        "dateUpdated": "2024-09-06T18:06:11.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5844 (GCVE-0-2023-5844)

    Vulnerability from cvelistv5 – Published: 2023-10-30 10:08 – Updated: 2024-09-06 18:09
    VLAI
    Title
    Unverified Password Change in pimcore/admin-ui-classic-bundle
    Summary
    Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-620 - Unverified Password Change
    Assigner
    Impacted products
    Vendor Product Version
    pimcore pimcore/admin-ui-classic-bundle Affected: unspecified , < 1.2.0 (custom)
    Create a notification for this product.
    pimcore admin_classic_bundle Affected: 0 , < 1.2.0 (custom)
        cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.165Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "admin_classic_bundle",
                "vendor": "pimcore",
                "versions": [
                  {
                    "lessThan": "1.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5844",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T17:46:52.349297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T18:09:13.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pimcore/admin-ui-classic-bundle",
              "vendor": "pimcore",
              "versions": [
                {
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-620",
                  "description": "CWE-620 Unverified Password Change",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-30T10:08:49.782Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021"
            },
            {
              "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea"
            }
          ],
          "source": {
            "advisory": "b031199d-192a-46e5-8c02-f7284ad74021",
            "discovery": "EXTERNAL"
          },
          "title": "Unverified Password Change in pimcore/admin-ui-classic-bundle"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5844",
        "datePublished": "2023-10-30T10:08:49.782Z",
        "dateReserved": "2023-10-30T10:08:38.059Z",
        "dateUpdated": "2024-09-06T18:09:13.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5842 (GCVE-0-2023-5842)

    Vulnerability from cvelistv5 – Published: 2023-10-30 00:00 – Updated: 2024-09-06 18:11
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    dolibarr dolibarr/dolibarr Affected: unspecified , < 16.0.5 (custom)
    Create a notification for this product.
    dolibarr dolibarr Affected: 0 , < 16.0.5 (custom)
        cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.259Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dolibarr",
                "vendor": "dolibarr",
                "versions": [
                  {
                    "lessThan": "16.0.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5842",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T17:50:34.685068Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T18:11:31.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dolibarr/dolibarr",
              "vendor": "dolibarr",
              "versions": [
                {
                  "lessThan": "16.0.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-30T00:00:21.048Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3"
            },
            {
              "url": "https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c"
            }
          ],
          "source": {
            "advisory": "aed81114-5952-46f5-ae3a-e66518e98ba3",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5842",
        "datePublished": "2023-10-30T00:00:21.048Z",
        "dateReserved": "2023-10-30T00:00:06.321Z",
        "dateUpdated": "2024-09-06T18:11:31.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5838 (GCVE-0-2023-5838)

    Vulnerability from cvelistv5 – Published: 2023-10-29 00:00 – Updated: 2024-09-06 19:34
    VLAI
    Title
    Insufficient Session Expiration in linkstackorg/linkstack
    Summary
    Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    Impacted products
    Vendor Product Version
    linkstackorg linkstackorg/linkstack Affected: unspecified , < v4.2.9 (custom)
    Create a notification for this product.
    linkstack linkstack Affected: 0 , < 4.2.9 (custom)
        cpe:2.3:a:linkstack:linkstack:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/8f6feca3-386d-4897-801c-39b9e3e5eb03"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/linkstackorg/linkstack/commit/02f620092255f07e1d0252a0190fd42ef773ba05"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:linkstack:linkstack:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "linkstack",
                "vendor": "linkstack",
                "versions": [
                  {
                    "lessThan": "4.2.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5838",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-06T19:29:04.079027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T19:34:28.078Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "linkstackorg/linkstack",
              "vendor": "linkstackorg",
              "versions": [
                {
                  "lessThan": "v4.2.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-29T00:00:20.232Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/8f6feca3-386d-4897-801c-39b9e3e5eb03"
            },
            {
              "url": "https://github.com/linkstackorg/linkstack/commit/02f620092255f07e1d0252a0190fd42ef773ba05"
            }
          ],
          "source": {
            "advisory": "8f6feca3-386d-4897-801c-39b9e3e5eb03",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient Session Expiration in linkstackorg/linkstack"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5838",
        "datePublished": "2023-10-29T00:00:20.232Z",
        "dateReserved": "2023-10-29T00:00:07.232Z",
        "dateUpdated": "2024-09-06T19:34:28.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }