{"id":"CVE-2023-5900","summary":"Cross-Site Request Forgery in pkp/pkp-lib","details":"Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.\n\n","modified":"2026-04-09T09:52:16.569788Z","published":"2023-11-01T00:00:42.738Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5900.json","cwe_ids":["CWE-352"],"cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.com/bounties/c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5900.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5900"},{"type":"FIX","url":"https://github.com/pkp/pkp-lib/commit/4d77a00be9050fac7eb8d2d1cbedcdaaa1a5a803"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pkp/pkp-lib","events":[{"introduced":"0"},{"fixed":"07254d23dd48f2399972328bd149c8ebf578c47d"}]}],"versions":["3_2_0-0","3_2_0-1","3_2_1rc1","3_3_0-0","3_3_0-1","3_3_0-10","3_3_0-11","3_3_0-12","3_3_0-13","3_3_0-14","3_3_0-15","3_3_0-2","3_3_0-3","3_3_0-4","3_3_0-5","3_3_0-6","3_3_0-7","3_3_0-8","3_3_0-9","harvester-2_3_0-0","harvester-2_3_0b1","ohs-2_3_1-0","ojs-2_3_0-0rc1","ojs-2_3_3-0","ojs-2_3_3-1","ojs-2_4_0-0","ojs-3_0_1-0","ojs-3_0_2-0","ojs-3_0a1","ojs-3_0b1","ojs-3_1_1-0","omp-0_9_9-0","omp-1_2_0-0","omp-3_1_0-0","omp-3_1_1-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5900.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}]}