CVE-2024-38364

{"id": "CVE-2024-38364", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2024-06-26T00:15:10.480", "references": [{"url": "https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b", "source": "[email protected]"}, {"url": "https://github.com/DSpace/DSpace/pull/8891", "source": "[email protected]"}, {"url": "https://github.com/DSpace/DSpace/pull/9638", "source": "[email protected]"}, {"url": "https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf", "source": "[email protected]"}, {"url": "https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/DSpace/DSpace/pull/8891", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/DSpace/DSpace/pull/9638", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2."}, {"lang": "es", "value": "DSpace es un software de c\u00f3digo abierto, una aplicaci\u00f3n de repositorio llave en mano utilizada por m\u00e1s de 2000 organizaciones e instituciones en todo el mundo para brindar acceso duradero a recursos digitales. En DSpace 7.0 a 7.6.1, cuando se descarga un Bitstream HTML, XML o JavaScript, el navegador del usuario puede ejecutar cualquier JavaScript incrustado. Si ese JavaScript incrustado es malicioso, existe el riesgo de sufrir un ataque XSS. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 7.6.2."}], "lastModified": "2024-11-21T09:25:27.740", "sourceIdentifier": "[email protected]"}