Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.10 views

CVE-2022-31191

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

7.1CVSS6.4AI score0.00624EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/08/06 5:46 a.m.3 views

org.dspace.modules:jspui (>=4.0 <=5.10) potentially affected by CVE-2022-31191 via org.dspace:dspace-jspui (>=4.0 <=5.10)

org.dspace:dspace-jspui MAVEN version =4.0, =4.0, =5.10 Source cves: CVE-2022-31191 Source advisory: OSV:GHSA-C558-5GFM-P2R8...

7.1CVSS6.7AI score0.00624EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/08/01 8:30 p.m.6 views

CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

7.1CVSS6.7AI score0.00624EPSS
Exploits0References5
CVE
CVE
added 2022/08/01 8:30 p.m.82 views

CVE-2022-31191

DSpace JSPUI is vulnerable to Cross-Site Scripting due to improper escaping of displayed text in the spellcheck and autocomplete components (data-spell attribute escaped, but not the rendered text). Affected product: DSpace JSPUI (not XMLUI/7.x). Root cause: HTML escaping gaps in the JSPUI spellc...

7.1CVSS6.2AI score0.00624EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder