dspace-jspui is vulnerable to open redirect attacks. The vulnerability exists through the controlled vocabulary feature in the doDSGet
function of ControlledVocabularyServlet.java
, allowing an attacker to redirect to malicious websites by providing maliciously crafted urls
CPE | Name | Operator | Version |
---|---|---|---|
dspace jsp-ui | le | 6.3 | |
dspace jsp-ui | le | 3.6 | |
dspace jsp-ui | le | 5.10 | |
dspace jsp-ui | le | 4.9 | |
dspace jsp-ui | le | 6.3 | |
dspace jsp-ui | le | 3.6 | |
dspace jsp-ui | le | 5.10 | |
dspace jsp-ui | le | 4.9 |