Описание
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.0 (включая) до 5.10 (включая)Версия от 6.0 (исключая) до 6.4 (исключая)
Одно из
cpe:2.3:a:duraspace:dspace:*:*:*:*:*:*:*:*
cpe:2.3:a:duraspace:dspace:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00316
Низкий
7.1 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 7.1
github
больше 3 лет назад
JSPUI Possible Cross Site Scripting in "Request a Copy" Feature
EPSS
Процентиль: 54%
0.00316
Низкий
7.1 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79