Lucene search

CVE-2024-38364

🗓️ 26 Jun 2024 00:10:15Reported by [email protected]Type

DSpace 7.0 through 7.6.1 allows XSS attack via HTML, XML or JavaScript Bitstream download

Reporter	Title	Published	Views	Family All 7
OSV	GHSA-94CC-XJXR-PWVF DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document	25 Jun 202417:07	–	osv
OSV	CVE-2024-38364	26 Jun 202400:15	–	osv
Cvelist	CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document	25 Jun 202423:45	–	cvelist
CVE	CVE-2024-38364	26 Jun 202400:15	–	cve
Vulnrichment	CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document	25 Jun 202423:45	–	vulnrichment
Github Security Blog	DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document	25 Jun 202417:07	–	github
Veracode	Cross-site Scripting (XSS)	26 Jun 202406:57	–	veracode

Source	Link
github	www.github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b
github	www.github.com/DSpace/DSpace/pull/8891
github	www.github.com/DSpace/DSpace/pull/9638
github	www.github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Jun 2024 00:15Current

CVSS32.6

EPSS0.00247

CWE-79