{"id":"CVE-2023-5902","summary":"Cross-Site Request Forgery (CSRF) in pkp/pkp-lib","details":"Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.","modified":"2026-04-10T05:07:12.695521Z","published":"2023-11-01T00:00:41.753Z","database_specific":{"cna_assigner":"@huntrdev","cwe_ids":["CWE-352"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5902.json"},"references":[{"type":"WEB","url":"https://huntr.com/bounties/8b93c7bf-5052-424a-85cc-7e5491c61f20"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5902.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5902"},{"type":"FIX","url":"https://github.com/pkp/pkp-lib/commit/2d04e770d2bbbdd899fdec382fbf2a1d4a4ffec8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pkp/pkp-lib","events":[{"introduced":"0"},{"fixed":"07254d23dd48f2399972328bd149c8ebf578c47d"}]}],"versions":["3_2_0-0","3_2_0-1","3_2_1rc1","3_3_0-0","3_3_0-1","3_3_0-10","3_3_0-11","3_3_0-12","3_3_0-13","3_3_0-14","3_3_0-15","3_3_0-2","3_3_0-3","3_3_0-4","3_3_0-5","3_3_0-6","3_3_0-7","3_3_0-8","3_3_0-9","harvester-2_3_0-0","harvester-2_3_0b1","ohs-2_3_1-0","ojs-2_3_0-0rc1","ojs-2_3_3-0","ojs-2_3_3-1","ojs-2_4_0-0","ojs-3_0_1-0","ojs-3_0_2-0","ojs-3_0a1","ojs-3_0b1","ojs-3_1_1-0","omp-0_9_9-0","omp-1_2_0-0","omp-3_1_0-0","omp-3_1_1-0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5902.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}