Cross-Site Request Forgery on OPEN JOURNAL SYSTEMS

Posted date 11/12/2023

Importance

3 - Medium

Affected Resources

OPEN JOURNAL SYSTEMS, version 3.3.0.13.

Description

INCIBE has coordinated the publication of a vulnerability affecting OJS (OPEN JOURNAL SYSTEMS), an open source solution for the management and publication of online academic journals, in its version 3.3.0.13, which has been discovered by David Cámara Galindo, from Telefónica Tech.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

CVE-2023-6671: CVSS v3.1: 6.3 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-352.

Solution

There is no reported solution at this time.

Detail

CVE-2023-6671: a vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

References list

DOWNLOAD AND INSTALL OJS

Etiquetas

0day
CNA
Education
Vulnerability