{"id":"CVE-2023-5894","summary":"Cross-site Scripting (XSS) - Stored in pkp/ojs","details":"Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.","modified":"2026-04-10T05:07:21.886775Z","published":"2023-11-01T00:00:18.898Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5894.json","cwe_ids":["CWE-79"],"cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.com/bounties/aba3ba5b-aa6b-4076-b663-4237b4a0761d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5894.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5894"},{"type":"FIX","url":"https://github.com/pkp/ojs/commit/66927de1a82e3a3004db9741d1505ddac0980e63"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pkp/ojs","events":[{"introduced":"0"},{"fixed":"dd7b65632b7beeb4f076415ea5e9706f588434c3"}]}],"versions":["3_2_0-0","3_3_0-0","3_3_0-1","3_3_0-10","3_3_0-11","3_3_0-12","3_3_0-13","3_3_0-14","3_3_0-15","3_3_0-2","3_3_0-3","3_3_0-4","3_3_0-5","3_3_0-6","3_3_0-7","3_3_0-8","3_3_0-9","ojs-2_0_0-0","ojs-2_0_1-0","ojs-2_0_2-0","ojs-2_0_2-1","ojs-2_1_0-0","ojs-2_1_0-1","ojs-2_1_1-0","ojs-2_1_1rc4","ojs-2_1b","ojs-2_2_0-0","ojs-2_2_0-b1","ojs-2_2_0-b2","ojs-2_2_1-0","ojs-2_2_1-b1","ojs-2_3_0-0","ojs-2_3_0-0rc1","ojs-2_3_3-0","ojs-2_3_3-1","ojs-2_4_0-0","ojs-3_0a1","ojs-3_0b1","ojs2-base-2_2_2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5894.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"}]}