{"id":"CVE-2023-5626","summary":"Cross-Site Request Forgery (CSRF) in pkp/ojs","details":"Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.","modified":"2026-07-08T06:41:28.642886947Z","published":"2023-10-17T23:22:41.615Z","database_specific":{"cna_assigner":"@huntrdev","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5626.json","cwe_ids":["CWE-352"]},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/c99279c1-709a-4e7b-a042-010c2bb44d6b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5626.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5626"},{"type":"FIX","url":"https://github.com/pkp/ojs/commit/99a9f393190383454aa5ddffedffc89596f6c682"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pkp/ojs","events":[{"introduced":"0"},{"fixed":"dd7b65632b7beeb4f076415ea5e9706f588434c3"},{"fixed":"99a9f393190383454aa5ddffedffc89596f6c682"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"3.3.0-16"}],"cpe":"cpe:2.3:a:sfu:open_journal_system:*:*:*:*:*:*:*:*"}}],"versions":["3_3_0-15","3_3_0-14","3_3_0-13","3_3_0-12","3_3_0-11","3_3_0-10","3_3_0-9","3_3_0-8","3_3_0-7","3_3_0-6","3_3_0-5","3_3_0-4","3_3_0-3","3_3_0-2","3_3_0-1","3_3_0-0","3_2_0-0","ojs-3_0b1","ojs-3_0a1","ojs-2_4_0-0","ojs-2_3_3-1","ojs-2_3_3-0","ojs-2_3_0-0","ojs-2_3_0-0rc1","ojs2-base-2_2_2","ojs-2_2_1-0","ojs-2_2_1-b1","ojs-2_2_0-0","ojs-2_2_0-b2","ojs-2_2_0-b1","ojs-2_1_1-0","ojs-2_1_1rc4","ojs-2_1_0-1","ojs-2_1_0-0","ojs-2_1b","ojs-2_0_2-1","ojs-2_0_2-0","ojs-2_0_1-0","ojs-2_0_0-0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5626.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}]}