
pkp — Vulnerabilities & Security Advisories (19)

Browse all 19 CVE security advisories affecting pkp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PKP is an open-source software suite for scholarly publishing, primarily used by academic institutions to manage journals, conferences, and submission processes. Historically, common vulnerabilities include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access controls. Notable security characteristics include its widespread adoption in critical research infrastructure, making it a target for exploitation. While no major public incidents have been widely documented, the 19 CVEs on record highlight ongoing security challenges, particularly in areas like file handling and authentication. The software's complex architecture and extensive plugin ecosystem contribute to potential attack surfaces, requiring diligent maintenance and prompt patching by users.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-7902 | pkp ojs signOut redirect | ojs | CWE-601 | 4.3 | Medium | 2024-08-17 |
| CVE-2023-5904 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib | pkp/pkp-lib | CWE-79 | 5.4 | - | 2023-11-01 |
| CVE-2023-5903 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib | pkp/pkp-lib | CWE-79 | 5.4 | - | 2023-11-01 |
| CVE-2023-5901 | Cross-site Scripting in pkp/pkp-lib | pkp/pkp-lib | CWE-79 | 3.5 | Low | 2023-11-01 |
| CVE-2023-5900 | Cross-Site Request Forgery in pkp/pkp-lib | pkp/pkp-lib | CWE-352 | 3.5 | Low | 2023-11-01 |
| CVE-2023-5898 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib | pkp/pkp-lib | CWE-352 | 8.1 | - | 2023-11-01 |
| CVE-2023-5897 | Cross-Site Request Forgery (CSRF) in pkp/customLocale | pkp/customLocale | CWE-352 | 8.1 | - | 2023-11-01 |
| CVE-2023-5896 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib | pkp/pkp-lib | CWE-79 | 5.4 | - | 2023-11-01 |
| CVE-2023-5902 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib | pkp/pkp-lib | CWE-352 | 8.1 | - | 2023-11-01 |
| CVE-2023-5899 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib | pkp/pkp-lib | CWE-352 | 8.1 | - | 2023-11-01 |
| CVE-2023-5892 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib | pkp/pkp-lib | CWE-79 | 5.4 | - | 2023-11-01 |
| CVE-2023-5889 | Insufficient Session Expiration in pkp/pkp-lib | pkp/pkp-lib | CWE-613 | 9.4 | - | 2023-11-01 |
| CVE-2023-5891 | Cross-site Scripting (XSS) - Reflected in pkp/pkp-lib | pkp/pkp-lib | CWE-79 | 6.1 | - | 2023-11-01 |
| CVE-2023-5893 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib | pkp/pkp-lib | CWE-352 | 8.1 | - | 2023-11-01 |
| CVE-2023-5894 | Cross-site Scripting (XSS) - Stored in pkp/ojs | pkp/ojs | CWE-79 | 5.4 | - | 2023-11-01 |
| CVE-2023-5895 | Cross-site Scripting (XSS) - DOM in pkp/pkp-lib | pkp/pkp-lib | CWE-79 | 6.1 | - | 2023-11-01 |
| CVE-2023-5890 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib | pkp/pkp-lib | CWE-79 | 5.4 | - | 2023-11-01 |
| CVE-2023-5626 | Cross-Site Request Forgery (CSRF) in pkp/ojs | pkp/ojs | CWE-352 | 8.1 | - | 2023-10-17 |
| CVE-2023-4695 | Use of Predictable Algorithm in Random Number Generator in pkp/pkp-lib | pkp/pkp-lib | CWE-1241 | 7.5 | - | 2023-09-01 |

This page lists every published CVE security advisory associated with pkp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.