Lucene search
Veracode Vulnerability DatabaseVERACODE:36554HistoryAug 02, 2022 - 4:16 a.m.
Cross-site Scripting (XSS)
2022-08-0204:16:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
40.8%
dspace-jspui is vulnerable to cross-site scripting. The vulnerability exists because the discovery.jsp does not properly escape the data-spell attribute text and the autocomplete text before being rendered on the page, allowing an attacker to inject and execute malicious javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dspace jsp-ui | le | 6.3 | |
| dspace jsp-ui | le | 5.10 | |
| dspace jsp-ui | le | 6.3 | |
| dspace jsp-ui | le | 5.10 |
References
github.com/DSpace/DSpace/commit/35030a23e48b5946f5853332c797e1c4adea7bb7
github.com/DSpace/DSpace/commit/6f75bb084ab1937d094208c55cd84340040bcbb5
github.com/DSpace/DSpace/commit/c89e493e517b424dea6175caba54e91d3847fc3a
github.com/DSpace/DSpace/commit/ebb83a75234d3de9be129464013e998dc929b68d
github.com/DSpace/DSpace/security/advisories/GHSA-c558-5gfm-p2r8
Related
prion
prion
Design/Logic Flaw
2022-08-01 21:15:00
github
github
JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting
2022-08-06 05:46:14
cve
cve
CVE-2022-31191
2022-08-01 21:15:13
osv
osv
JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting
2022-08-06 05:46:14
CVE-2022-31191
2022-08-01 21:15:13
cvelist
cvelist
nvd
nvd
CVE-2022-31191
2022-08-01 21:15:13