Alec Smecher

19 exploits, active since Jun 2018
CVE-2018-12588 WRITEUP MEDIUM
Open Monograph Press 1.2.0-3.1.1-2 - Cross-Site Scripting via Search Field
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).
CVSS 6.1
CVE-2023-4695 WRITEUP HIGH
GitHub pkp/pkp-lib <3.3.0-16 - Info Disclosure
Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 8.1
CVE-2023-5626 WRITEUP HIGH
Open Journal Systems < 3.3.0-16 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.
CVSS 8.8
CVE-2023-5889 WRITEUP HIGH
pkp/pkp_web_application_library < 3.3.0-16 - Insufficient Session Expiration
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 8.2
CVE-2023-5890 WRITEUP MEDIUM
pkp_web_application_library < 3.3.0-16 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 5.4
CVE-2023-5891 WRITEUP MEDIUM
pkp_web_application_library < 3.3.0-16 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 5.4
CVE-2023-5892 WRITEUP MEDIUM
pkp_web_application_library < 3.3.0-16 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 5.4
CVE-2023-5893 WRITEUP HIGH
pkp_web_application_library < 3.3.0-16 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 8.8
CVE-2023-5894 WRITEUP MEDIUM
Open Journal Systems < 3.3.0-16 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.
CVSS 5.4
CVE-2023-5895 WRITEUP MEDIUM
pkp_web_application_library < 3.3.0-16 - DOM-Based Cross-Site Scripting
Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 5.4
CVE-2023-5896 WRITEUP MEDIUM
pkp_web_application_library < 3.4.0-4 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.
CVSS 5.4
CVE-2023-5897 WRITEUP HIGH
customlocale < 1.2.0-1 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1.
CVSS 8.8
CVE-2023-5898 WRITEUP HIGH
pkp/pkp_web_application_library < 3.3.0-16 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 8.8
CVE-2023-5899 WRITEUP HIGH
pkp_web_application_library < 3.3.0-16 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 8.8
CVE-2023-5900 WRITEUP LOW
pkp_web_application_library < 3.3.0-16 - Cross-Site Request Forgery
Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 3.5
CVE-2023-5901 WRITEUP LOW
pkp_web_application_library < 3.3.0-16 - Cross-Site Scripting
Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 3.5
CVE-2023-5902 WRITEUP MEDIUM
pkp_web_application_library < 3.3.0-15 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 4.3
CVE-2023-5903 WRITEUP MEDIUM
pkp_web_application_library < 3.3.0-15 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 5.4
CVE-2023-5904 WRITEUP MEDIUM
pkp_web_application_library < 3.3.0-15 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVSS 5.4