CVE-2025-67892 | pkp pkp-lib Login csrfToken cross-site request forgery

Inserito da Angelo Barbosa | Dic 28, 2025 | CVE

A vulnerability was found in pkp pkp-lib. It has been declared as problematic. The impacted element is an unknown function of the component Login. Executing manipulation of the argument csrfToken can lead to cross-site request forgery.

The identification of this vulnerability is CVE-2025-67892. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-67892 | pkp pkp-lib Login csrfToken cross-site request forgery

Post correlati

CVE-2024-38568 | Linux Kernel up to 6.1.92/6.6.32/6.8.11/6.9.2 drivers event_group array index

CVE-2024-11501 | Gallery Plugin up to 1.3 on WordPress code injection

CVE-2024-12439 | Marketplace Items Plugin up to 1.5.5 on WordPress Shortcode cross site scripting

CVE-2025-5723 | SourceCodester Student Result Management System 1.0 Classes Page /script/academic/classes Class Name cross site scripting