Lucene search
K

167 matches found

OSV
OSV
added 2024/06/25 11:45 p.m.28 views

CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execu...

2.6CVSS6.3AI score0.00393EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/06/25 11:45 p.m.46 views

CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execu...

2.6CVSS0.00393EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/25 11:45 p.m.16 views

CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execu...

2.6CVSS6.3AI score0.00393EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/06/25 5:7 p.m.68 views

DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...

2.6CVSS3.2AI score0.00393EPSS
Exploits0References6Affected Software1
Openbugbounty
Openbugbounty
added 2023/06/05 12:59 a.m.6 views

dspace.arpa.puglia.it Cross Site Scripting vulnerability OBB-3389112

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
OSV
OSV
added 2022/08/06 5:48 a.m.3 views

GHSA-8RMH-55H4-93H5 DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import

Impact ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...

7.2CVSS6.9AI score0.01118EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/08/06 5:48 a.m.5 views

org.dspace.modules:additions (>=4.0 <=5.10), org.dspace.modules:jspui (>=4.0 <=5.10) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=4.0 <=5.10)

org.dspace:dspace-api MAVEN version =4.0, =4.0, =4.0, =4.0, =5.0, =5.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =5.0, =5.10 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...

7.2CVSS7AI score0.01118EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/08/06 5:48 a.m.9 views

de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=6.0 <=6.3)

org.dspace:dspace-api MAVEN version =6.0, =6.2.0, =6.2.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.3 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...

7.2CVSS7AI score0.01118EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/08/06 5:48 a.m.45 views

DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import

Impact ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...

7.2CVSS6.7AI score0.01118EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/08/06 5:47 a.m.6 views

org.dspace.modules:jspui (>=4.0 <=5.10) potentially affected by CVE-2022-31194 via org.dspace:dspace-jspui (>=4.0 <=5.10)

org.dspace:dspace-jspui MAVEN version =4.0, =4.0, =5.10 Source cves: CVE-2022-31194 Source advisory: OSV:GHSA-QP5M-C3M9-8Q2P...

8.2CVSS7.1AI score0.00886EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/08/06 5:47 a.m.10 views

de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31194 via org.dspace:dspace-jspui (>=6.0 <=6.3)

org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31194 Source advisory: OSV:GHSA-QP5M-C3M9-8Q2P...

8.2CVSS7.1AI score0.00886EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/08/06 5:47 a.m.30 views

JSPUI vulnerable to path traversal in submission (resumable) upload

Impact The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters durin...

8.2CVSS6.8AI score0.00886EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/08/06 5:46 a.m.2 views

GHSA-763J-Q7WV-VF3M JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11

Impact The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This vulnerability...

7.1CVSS5.8AI score0.00579EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/08/06 5:46 a.m.5 views

org.dspace.modules:jspui (>=4.0 <=5.10) potentially affected by CVE-2022-31193 via org.dspace:dspace-jspui (>=4.0 <=5.10)

org.dspace:dspace-jspui MAVEN version =4.0, =4.0, =5.10 Source cves: CVE-2022-31193 Source advisory: OSV:GHSA-763J-Q7WV-VF3M...

7.1CVSS6.7AI score0.00579EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/08/06 5:46 a.m.5 views

de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31193 via org.dspace:dspace-jspui (>=6.0 <=6.3)

org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31193 Source advisory: OSV:GHSA-763J-Q7WV-VF3M...

7.1CVSS6.7AI score0.00579EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/08/06 5:46 a.m.41 views

JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11

Impact The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This vulnerability...

7.1CVSS6.1AI score0.00579EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/08/06 5:46 a.m.4 views

de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31192 via org.dspace:dspace-jspui (>=6.0 <=6.3)

org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31192 Source advisory: OSV:GHSA-4WM8-C2VV-XRPQ...

7.1CVSS6.7AI score0.00611EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/08/06 5:46 a.m.2 views

org.dspace.modules:jspui (>=5.0 <=5.10) potentially affected by CVE-2022-31192 via org.dspace:dspace-jspui (>=5.0 <=5.10)

org.dspace:dspace-jspui MAVEN version =5.0, =5.0, =5.10 Source cves: CVE-2022-31192 Source advisory: OSV:GHSA-4WM8-C2VV-XRPQ...

7.1CVSS6.7AI score0.00611EPSS
Exploits0
OSV
OSV
added 2022/08/06 5:46 a.m.3 views

GHSA-4WM8-C2VV-XRPQ JSPUI Possible Cross Site Scripting in "Request a Copy" Feature

Impact The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact the XMLUI or 7.x. Patches...

7.1CVSS5.8AI score0.00611EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/08/06 5:46 a.m.48 views

JSPUI Possible Cross Site Scripting in "Request a Copy" Feature

Impact The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact the XMLUI or 7.x. Patches...

7.1CVSS5.7AI score0.00611EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder