4 matches found
CVE-2022-31191
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...
org.dspace.modules:jspui (>=4.0 <=5.10) potentially affected by CVE-2022-31191 via org.dspace:dspace-jspui (>=4.0 <=5.10)
org.dspace:dspace-jspui MAVEN version =4.0, =4.0, =5.10 Source cves: CVE-2022-31191 Source advisory: OSV:GHSA-C558-5GFM-P2R8...
CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...
CVE-2022-31191
DSpace JSPUI is vulnerable to Cross-Site Scripting due to improper escaping of displayed text in the spellcheck and autocomplete components (data-spell attribute escaped, but not the rendered text). Affected product: DSpace JSPUI (not XMLUI/7.x). Root cause: HTML escaping gaps in the JSPUI spellc...