GHSA-4WM8-C2VV-XRPQ JSPUI Possible Cross Site Scripting in "Request a Copy" Feature

Impact The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact the XMLUI or 7.x. Patches...

Cross-site Scripting (XSS)

org.dspace:dspace-jspui is vulnerable to cross-site scriptingXSS attacks. The Request a Copy feature does not properly escape values submitted and stored from the Request a Copy form, which allows an attacker to inject and execute malicious javascript through the parameters in processForm functio...

CVE-2022-31192

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

CVE-2022-31192 Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

CVE-2022-31192 Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

PT-2022-20601 · Dspace · Dspace

Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 5.11 DSpace versions prior to 6.4 Description: The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form, making item requests vulnerable to XSS attacks. Th...

Dspace 跨站脚本漏洞

Dspace is an open source turnkey repository application from the DuraSpace community. A cross-site scripting vulnerability exists in versions prior to DSpace 6.4, which stems from the Request a Copy feature in dspace-jspui failing to properly escape form submitted and stored values...