DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| Link | Resource |
|---|---|
| https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37 | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9 | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37 | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9 | Patch Third Party Advisory |
| https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:04
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
| References | () https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37 - Patch, Third Party Advisory | |
| References | () https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9 - Patch, Third Party Advisory | |
| References | () https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq - Patch, Third Party Advisory |
Information
Published : 2022-08-01 21:15
Updated : 2024-11-21 07:04
NVD link : CVE-2022-31192
Mitre link : CVE-2022-31192
CVE.ORG link : CVE-2022-31192
JSON object : View
Products Affected
duraspace
- dspace
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')