Cross-site Scripting (XSS)

dspace-jspui is vulnerable to cross-site scripting. The vulnerability exists because the discovery.jsp does not properly escape the data-spell attribute text and the autocomplete text before being rendered on the page, allowing an attacker to inject and execute malicious javascript...