Space open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.
| Link | Resource |
|---|---|
| https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37 | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9 | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37 | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9 | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq | Patch Third Party Advisory |
Configuration 1 (hide)
|
21 Nov 2024, 07:04
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
| References | () https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37 - Patch, Third Party Advisory | |
| References | () https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9 - Patch, Third Party Advisory | |
| References | () https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq - Patch, Third Party Advisory |
Published : 2022-08-01 21:15
Updated : 2024-11-21 07:04
NVD link : CVE-2022-31192
Mitre link : CVE-2022-31192
CVE.ORG link : CVE-2022-31192
JSON object : View
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')