Lucene search
K

167 matches found

Github Security Blog
Github Security Blog
added 2022/08/06 5:46 a.m.46 views

JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting

Impact The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. This...

7.1CVSS6.2AI score0.00624EPSS
Exploits0References7Affected Software1
vulnersOsv
vulnersOsv
added 2022/08/06 5:46 a.m.3 views

org.dspace.modules:jspui (>=4.0 <=5.10) potentially affected by CVE-2022-31191 via org.dspace:dspace-jspui (>=4.0 <=5.10)

org.dspace:dspace-jspui MAVEN version =4.0, =4.0, =5.10 Source cves: CVE-2022-31191 Source advisory: OSV:GHSA-C558-5GFM-P2R8...

7.1CVSS6.7AI score0.00624EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/08/06 5:46 a.m.3 views

de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31191 via org.dspace:dspace-jspui (>=6.0 <=6.3)

org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31191 Source advisory: OSV:GHSA-C558-5GFM-P2R8...

7.1CVSS6.7AI score0.00624EPSS
Exploits0
OSV
OSV
added 2022/08/06 5:46 a.m.36 views

GHSA-C558-5GFM-P2R8 JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting

Impact The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. This...

7.1CVSS6.6AI score0.00624EPSS
Exploits0References7
OSV
OSV
added 2022/08/06 5:40 a.m.1 views

GHSA-7W85-PP86-P4PQ XMLUI's metadata of withdrawn Items is exposed to anonymous users

Impact Metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. However, this vulnerability is very low severity as Item metadata does not tend to contain highly secure or sensitiv...

5.3CVSS6AI score0.00712EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/08/06 5:40 a.m.31 views

XMLUI's metadata of withdrawn Items is exposed to anonymous users

Impact Metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. However, this vulnerability is very low severity as Item metadata does not tend to contain highly secure or sensitiv...

5.3CVSS5.3AI score0.00712EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/08/06 5:40 a.m.5 views

org.dataone.dspace:auto-versioning-xmlui (>=5.4.0 <=5.4.2), org.dspace.modules:xmlui (>=4.0 <=6.3) potentially affected by CVE-2022-31190 via org.dspace:dspace-xmlui (>=4.0 <=6.3)

org.dspace:dspace-xmlui MAVEN version =4.0, =5.4.0, =4.0, =6.3 Source cves: CVE-2022-31190 Source advisory: OSV:GHSA-7W85-PP86-P4PQ...

5.3CVSS6AI score0.00712EPSS
Exploits0
OSV
OSV
added 2022/08/06 5:39 a.m.13 views

GHSA-C2J7-66M3-R4FF JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization

Impact When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact...

5.3CVSS5.7AI score0.00582EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/08/06 5:39 a.m.29 views

JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization

Impact When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact...

5.3CVSS5.3AI score0.00582EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/08/02 9:27 a.m.18 views

Information Disclosure

dspace-xmlui is vulnerable to information disclosure. The vulnerability exists because the generate function of DSpaceMETSGenerator.java does not properly check the read permissions for METS values, allowing an attacker to gain sensitive information through the XMLUI mets.xml object...

5.3CVSS5.2AI score0.00712EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2022/08/02 6:8 a.m.18 views

Path Traversal

org.dspace:dspace-jspui is vulnerable to path traversal. The vulnerability exists due to the resumable upload implementations in SubmissionController and FileUploadRequest components, which allows an attacker to modify request parameters during submission and create files or directories anywhere ...

8.2CVSS6.8AI score0.00886EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2022/08/02 6:6 a.m.20 views

Information Disclosure

dspace-jspui is vulnerable to information disclosure. The vulnerability exists because the doGet function of InternalErrorServlet.java does not properly sanitize the internal system error exceptions and stack traces, allowing an attacker to gain sensitive information through the exceptions and...

5.3CVSS5.3AI score0.00582EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2022/08/02 4:56 a.m.27 views

Open Redirect

dspace-jspui is vulnerable to open redirect attacks. The vulnerability exists through the controlled vocabulary feature in the doDSGet function of ControlledVocabularyServlet.java, allowing an attacker to redirect to malicious websites by providing maliciously crafted urls...

7.1CVSS6.1AI score0.00579EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/08/01 9:15 p.m.41 views

CVE-2022-31189

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...

5.3CVSS0.00582EPSS
Exploits0References2
NVD
NVD
added 2022/08/01 9:15 p.m.42 views

CVE-2022-31194

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...

8.2CVSS0.00886EPSS
Exploits0References3
NVD
NVD
added 2022/08/01 9:15 p.m.47 views

CVE-2022-31192

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

7.1CVSS0.00611EPSS
Exploits0References3
NVD
NVD
added 2022/08/01 9:15 p.m.32 views

CVE-2022-31193

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...

7.1CVSS0.00579EPSS
Exploits0References3
NVD
NVD
added 2022/08/01 9:15 p.m.39 views

CVE-2022-31191

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

7.1CVSS0.00624EPSS
Exploits0References5
NVD
NVD
added 2022/08/01 9:15 p.m.42 views

CVE-2022-31195

DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...

7.2CVSS0.01118EPSS
Exploits0References3
Prion
Prion
added 2022/08/01 9:15 p.m.23 views

Path traversal

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...

5.8CVSS6.8AI score0.00886EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder