2 matches found
Path Traversal
org.dspace:dspace-jspui is vulnerable to path traversal. The vulnerability exists due to the resumable upload implementations in SubmissionController and FileUploadRequest components, which allows an attacker to modify request parameters during submission and create files or directories anywhere ...
Cross-site Scripting (XSS)
org.dspace:dspace-jspui is vulnerable to cross-site scriptingXSS attacks. The Request a Copy feature does not properly escape values submitted and stored from the Request a Copy form, which allows an attacker to inject and execute malicious javascript through the parameters in processForm functio...