29 matches found
CVE-2025-61190
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter...
CVE-2025-61190
CVE-2025-61190 affects DSpace JSPUI 6.5, specifically the search/discover filtering flow. The vulnerability arises from improper sanitization of user input supplied via the filter_type_1 parameter, enabling a Reflected Cross-Site Scripting (XSS) condition. This is documented across multiple sourc...
PT-2026-28303
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter...
org.dspace.modules:jspui (>=4.0 <=5.10) potentially affected by CVE-2022-31194 via org.dspace:dspace-jspui (>=4.0 <=5.10)
org.dspace:dspace-jspui MAVEN version =4.0, =4.0, =5.10 Source cves: CVE-2022-31194 Source advisory: OSV:GHSA-QP5M-C3M9-8Q2P...
de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31194 via org.dspace:dspace-jspui (>=6.0 <=6.3)
org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31194 Source advisory: OSV:GHSA-QP5M-C3M9-8Q2P...
org.dspace.modules:jspui (>=4.0 <=5.10) potentially affected by CVE-2022-31193 via org.dspace:dspace-jspui (>=4.0 <=5.10)
org.dspace:dspace-jspui MAVEN version =4.0, =4.0, =5.10 Source cves: CVE-2022-31193 Source advisory: OSV:GHSA-763J-Q7WV-VF3M...
de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31193 via org.dspace:dspace-jspui (>=6.0 <=6.3)
org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31193 Source advisory: OSV:GHSA-763J-Q7WV-VF3M...
org.dspace.modules:jspui (>=5.0 <=5.10) potentially affected by CVE-2022-31192 via org.dspace:dspace-jspui (>=5.0 <=5.10)
org.dspace:dspace-jspui MAVEN version =5.0, =5.0, =5.10 Source cves: CVE-2022-31192 Source advisory: OSV:GHSA-4WM8-C2VV-XRPQ...
org.dspace.modules:jspui (>=4.0 <=5.10) potentially affected by CVE-2022-31191 via org.dspace:dspace-jspui (>=4.0 <=5.10)
org.dspace:dspace-jspui MAVEN version =4.0, =4.0, =5.10 Source cves: CVE-2022-31191 Source advisory: OSV:GHSA-C558-5GFM-P2R8...
Information Disclosure
dspace-jspui is vulnerable to information disclosure. The vulnerability exists because the doGet function of InternalErrorServlet.java does not properly sanitize the internal system error exceptions and stack traces, allowing an attacker to gain sensitive information through the exceptions and...
Open Redirect
dspace-jspui is vulnerable to open redirect attacks. The vulnerability exists through the controlled vocabulary feature in the doDSGet function of ControlledVocabularyServlet.java, allowing an attacker to redirect to malicious websites by providing maliciously crafted URLs...
CVE-2022-31191
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...
CVE-2022-31193
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...
CVE-2022-31189
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then the entire exception, including the stack trace, is available. Information in this stacktrace may ...
CVE-2022-31192
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...
Design/Logic Flaw
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then the entire exception, including the stack trace, is available. Information in this stacktrace may ...
Open redirect
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...
Spoofing
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...
Path traversal
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...