Lucene search
+L

70 matches found

NVD
NVD
added 2022/08/01 9:15 p.m.42 views

CVE-2022-31195

DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...

7.2CVSS0.01118EPSS
Exploits0References3
Prion
Prion
added 2022/08/01 9:15 p.m.16 views

Path traversal

DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...

5.8CVSS6.9AI score0.01118EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/08/01 9:15 p.m.19 views

Design/Logic Flaw

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...

5CVSS5.1AI score0.00582EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/08/01 9:15 p.m.23 views

Path traversal

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...

5.8CVSS6.8AI score0.00886EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/08/01 9:15 p.m.18 views

Spoofing

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

5.8CVSS5.9AI score0.00611EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/08/01 9:15 p.m.21 views

Design/Logic Flaw

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

5.8CVSS6.1AI score0.00624EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/08/01 9:15 p.m.20 views

Open redirect

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...

5.8CVSS6.1AI score0.00579EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/08/01 8:35 p.m.50 views

CVE-2022-31195 Path traversal vulnerability in Simple Archive Format package import in DSpace

DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...

7.2CVSS7.2AI score0.01118EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/08/01 8:35 p.m.5 views

CVE-2022-31195 Path traversal vulnerability in Simple Archive Format package import in DSpace

DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...

7.2CVSS7AI score0.01118EPSS
Exploits0References3
CVE
CVE
added 2022/08/01 8:35 p.m.462 views

CVE-2022-31195

CVE-2022-31195 affects DSpace open source software, specifically the ItemImportServiceImpl, which is vulnerable to a path traversal when processing SAF packages. A malicious SAF package could cause a file/directory to be created anywhere writable by the Tomcat/DSpace user, but only if the attacke...

7.2CVSS7AI score0.01118EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/08/01 8:35 p.m.32 views

CVE-2022-31195 Path traversal vulnerability in Simple Archive Format package import in DSpace

DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...

7.2CVSS6.9AI score0.01118EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/08/01 8:30 p.m.5 views

CVE-2022-31192 Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

7.1CVSS6.6AI score0.00611EPSS
Exploits0References3
CVE
CVE
added 2022/08/01 8:30 p.m.116 views

CVE-2022-31192

The CVE-2022-31192 issue affects DSpace JSPUI (the Request a Copy feature) where input values submitted via the form are not properly escaped, enabling cross-site scripting (XSS) attacks in the JSPUI. The vulnerability is limited to JSPUI and does not affect XMLUI or other components. Remediation...

7.1CVSS6.1AI score0.00611EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/08/01 8:30 p.m.47 views

CVE-2022-31192 Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

7.1CVSS6.7AI score0.00611EPSS
Exploits0References3
OSV
OSV
added 2022/08/01 8:30 p.m.38 views

CVE-2022-31192 Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

7.1CVSS6.1AI score0.00611EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/08/01 8:30 p.m.35 views

CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

7.1CVSS6.9AI score0.00624EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/08/01 8:30 p.m.6 views

CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

7.1CVSS6.7AI score0.00624EPSS
Exploits0References5
OSV
OSV
added 2022/08/01 8:30 p.m.23 views

CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

7.1CVSS6.2AI score0.00624EPSS
Exploits0References7
Cvelist
Cvelist
added 2022/08/01 8:25 p.m.42 views

CVE-2022-31194 Path traversal vulnerabilities in DSpace JSPUI submission upload

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...

8.2CVSS8.3AI score0.00886EPSS
Exploits0References3
OSV
OSV
added 2022/08/01 8:25 p.m.30 views

CVE-2022-31194 Path traversal vulnerabilities in DSpace JSPUI submission upload

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...

8.2CVSS7.5AI score0.00886EPSS
Exploits0References5
Rows per page
Query Builder