Количество 2
Количество 2
CVE-2022-31193
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability.
GHSA-763j-q7wv-vf3m
JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-31193 DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability. | CVSS3: 7.1 | 0% Низкий | больше 3 лет назад |
| GHSA-763j-q7wv-vf3m JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11 | CVSS3: 7.1 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу