34 matches found
CVE-2022-31190 Metadata of withdrawn Items is exposed to anonymous users in DSpace XMLUI
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...
CVE-2022-31190 Metadata of withdrawn Items is exposed to anonymous users in DSpace XMLUI
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...
DSpace 信息泄露漏洞
DSpace is an open source turnkey repository application from the DuraSpace community. An information disclosure vulnerability exists in DSpace versions prior to 6.4, which stems from the fact that metadata for revoked projects in dspace-xmlui is exposed to the XMLUImets.xml object...
GHSA-4M9R-5GQP-7J82 High severity vulnerability that affects org.dspace:dspace-xmlui
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
org.dspace.modules:xmlui (>=3.0 <=3.5) potentially affected by CVE-2016-10726 via org.dspace:dspace-xmlui (>=3.0 <=3.5)
org.dspace:dspace-xmlui MAVEN version =3.0, =3.0, =3.5 Source cves: CVE-2016-10726 Source advisory: OSV:GHSA-4M9R-5GQP-7J82...
org.dspace.modules:xmlui (>=4.0 <=4.1) potentially affected by CVE-2016-10726 via org.dspace:dspace-xmlui (>=4.0 <=4.1)
org.dspace:dspace-xmlui MAVEN version =4.0, =4.0, =4.1 Source cves: CVE-2016-10726 Source advisory: OSV:GHSA-4M9R-5GQP-7J82...
org.dataone.dspace:auto-versioning-xmlui (>=5.4.0 <=5.4.2), org.dspace.modules:xmlui (>=5.0 <=5.11) potentially affected by CVE-2016-10726 via org.dspace:dspace-xmlui (>=5.0 <=5.4)
org.dspace:dspace-xmlui MAVEN version =5.0, =5.4.0, =5.0, =5.11 Source cves: CVE-2016-10726 Source advisory: OSV:GHSA-4M9R-5GQP-7J82...
High severity vulnerability that affects org.dspace:dspace-xmlui
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
Dspace Directory Traversal Vulnerability
Dspace is an open source digital asset management system. The system is primarily used to manage and distribute data consisting of digital files or "bitstreams". A directory traversal vulnerability exists in the XMLUI functionality in Dspace versions prior to 3.6, 4.x versions prior to 4.5, and 5...
Directory traversal
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
CVE-2016-10726
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
CVE-2016-10726
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
CVE-2016-10726
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
CVE-2016-10726
CVE-2016-10726 affects the DSpace XMLUI component. It describes a directory traversal vulnerability in the XMLUI feature present in DSpace versions: before 3.6, 4.x before 4.5, and 5.x before 5.5. The underlying issue is traversal via the themes/ path when a URI contains two or more arbitrary cha...