sfu 漏洞與 CVE 列表(18)

產品(CPE): — CVE 數: 18

sfu 漏洞概覽

彙總 sfu 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 跨站腳本與CSRF,在 生產負載與軟體部署 使用場景中可能帶來 工作階段劫持 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 11818 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2024-25436 A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. [email protected] 6.1 0.44% 2024-03-01 2026-06-17
CVE-2023-5904 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 5.4 0.45% 2023-11-06 2026-06-17
CVE-2023-5903 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 5.4 0.35% 2023-11-06 2026-06-17
CVE-2023-5902 Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 4.3 0.26% 2023-11-06 2026-06-17
CVE-2023-5901 Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 3.5 0.46% 2023-11-06 2026-06-17
CVE-2023-5900 Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 3.5 0.24% 2023-11-06 2026-06-17
CVE-2023-47271 PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image. [email protected] 5.3 0.62% 2023-11-05 2026-06-17
CVE-2023-5897 Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1. [email protected] 8.8 0.22% 2023-10-31 2026-06-17
CVE-2023-5896 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. [email protected] 5.4 0.34% 2023-10-31 2026-06-17
CVE-2023-5895 Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 5.4 0.41% 2023-10-31 2026-06-17
CVE-2023-5894 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16. [email protected] 5.4 0.40% 2023-10-31 2026-06-17
CVE-2023-5893 Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 8.8 0.26% 2023-10-31 2026-06-17
CVE-2023-5892 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 5.4 0.40% 2023-10-31 2026-06-17
CVE-2023-5891 Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 5.4 0.40% 2023-10-31 2026-06-17
CVE-2023-5890 Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. [email protected] 5.4 0.40% 2023-10-31 2026-06-17
CVE-2023-5626 Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. [email protected] 8.8 0.26% 2023-10-17 2026-06-17
CVE-2019-19909 An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used. [email protected] 8.8 1.39% 2019-12-19 2026-06-16
CVE-2018-12229 Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field). [email protected] 6.1 1.80% 2018-06-12 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence