sfu CVE Vulnerabilities & CVE List (18)

Products (CPE): — CVEs: 18

sfu vulnerability overview

Aggregates CVE and security vulnerability intelligence across all sfu-related products, including CVSS, EPSS, and publication dates.

Common weakness patterns include cross-site scripting and CSRF, with potential impact including session compromise across production workloads and software deployment use cases.

Vulnerability distribution trend (last 24 months)

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-25436 | A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. | [email protected] | 6.1 | 0.21% | 2024-03-01 | 2025-03-28 |
| CVE-2023-5904 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 5.4 | 0.31% | 2023-11-07 | 2024-11-21 |
| CVE-2023-5903 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 5.4 | 0.35% | 2023-11-07 | 2024-11-21 |
| CVE-2023-5902 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 4.3 | 0.15% | 2023-11-07 | 2024-11-21 |
| CVE-2023-5901 | Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 3.5 | 0.20% | 2023-11-07 | 2024-11-21 |
| CVE-2023-5900 | Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 3.5 | 0.05% | 2023-11-07 | 2024-11-21 |
| CVE-2023-47271 | PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image. | [email protected] | 5.3 | 0.12% | 2023-11-06 | 2024-11-21 |
| CVE-2023-5897 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1. | [email protected] | 8.8 | 0.06% | 2023-11-01 | 2024-11-21 |
| CVE-2023-5896 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. | [email protected] | 5.4 | 0.07% | 2023-11-01 | 2024-11-21 |
| CVE-2023-5895 | Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 5.4 | 0.07% | 2023-11-01 | 2024-11-21 |
| CVE-2023-5894 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16. | [email protected] | 5.4 | 0.07% | 2023-11-01 | 2024-11-21 |
| CVE-2023-5893 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 8.8 | 0.06% | 2023-11-01 | 2024-11-21 |
| CVE-2023-5892 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 5.4 | 0.08% | 2023-11-01 | 2024-11-21 |
| CVE-2023-5891 | Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 5.4 | 0.08% | 2023-11-01 | 2024-11-21 |
| CVE-2023-5890 | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | [email protected] | 5.4 | 0.08% | 2023-11-01 | 2024-11-21 |
| CVE-2023-5626 | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. | [email protected] | 8.8 | 0.06% | 2023-10-18 | 2024-11-21 |
| CVE-2019-19909 | An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used. | [email protected] | 8.8 | 0.73% | 2019-12-19 | 2024-11-21 |
| CVE-2018-12229 | Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field). | [email protected] | 6.1 | 0.40% | 2018-06-12 | 2024-11-21 |
cvelogic Threat Intelligence