Veracode Vulnerability Database: VERACODE:47752
History: Jun 26, 2024 - 6:57 a.m.

Cross-site Scripting (XSS)

2024-06-26 06:57:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: dspace, server, webapp, vulnerability, cross-site scripting, xss, validation, download behavior, html, xml, javascript, bitstreams, browser, attacks

CVSS3: 2.6 Low

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

AI Score: 5.9 Medium (Confidence: High)

org.dspace:dspace-server-webapp is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by improper validation of download behavior for HTML, XML, or JavaScript Bitstreams, allowing embedded JavaScript to execute in the user’s browser, which could potentially lead to XSS attacks.
