CVE-2023-5891

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 1, 2023

Updated: Nov 9, 2023

CWE ID 79

Summary

CVE-2023-5891 is a Cross-Site Scripting (XSS) vulnerability affecting the GitHub repository pkp/pkp-lib before version 3.3.0-16. Malicious actors could exploit this issue by injecting malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their browsing sessions. This vulnerability poses a significant risk, as it can be triggered through refined attack vectors, making it crucial for users to upgrade to the patched version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Simon Fraser University

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tOZ_Jg
https://www.cve.org/CVERecord?id=CVE-2023-5891
https://nvd.nist.gov/vuln/detail/CVE-2023-5891

Back to Vulnerability Database

CVE-2023-5891

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations