CVE-2023-5900: Cross-Site Request Forgery in pkp/pkp-lib

3.5 CVSS

Description

Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Classification

CVE ID: CVE-2023-5900

CVSS Base Severity: LOW

CVSS Base Score: 3.5

Affected Products

Vendor: pkp

Product: pkp/pkp-lib

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 27.82% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://huntr.com/bounties/c3f011d4-9f76-4b2b-b3d4-a5e2ecd2e354
https://github.com/pkp/pkp-lib/commit/4d77a00be9050fac7eb8d2d1cbedcdaaa1a5a803

Timeline