CVSS 3.1 Score 8.8 of 10 (high)


Published Nov 1, 2023
Updated: Nov 8, 2023
CWE ID 352


CVE-2023-5893 is a Cross-Site Request Forgery (CSRF) vulnerability found in the GitHub repository pkp/pkp-lib prior to version 3.3.0-16. This vulnerability affects multiple products including tSyx1A, tSyx1B, tSyx1C, and others. The risk score for this vulnerability is 65, indicating a high level of severity. Exploiting this vulnerability requires no privileges and user interaction is required. The attack vector is through the network, and it has a high impact on both integrity and confidentiality of the affected systems. It has been rated as a primary vulnerability with a base score of 8.8 out of 10. Organizations should update their pkp/pkp-lib to version 3.3.0-16 or higher to remediate this vulnerability and prevent potential attacks that could lead to unauthorized actions or data breaches.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5893 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options