CVE-2024-38364

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38364
DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2.

2.6 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b
https://github.com/DSpace/DSpace/pull/8891
https://github.com/DSpace/DSpace/pull/9638
https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf
https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b
https://github.com/DSpace/DSpace/pull/8891
https://github.com/DSpace/DSpace/pull/9638
https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf
Configurations

No configuration.

History

21 Nov 2024, 09:25

Type Values Removed Values Added
References () https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b - () https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b -
References () https://github.com/DSpace/DSpace/pull/8891 - () https://github.com/DSpace/DSpace/pull/8891 -
References () https://github.com/DSpace/DSpace/pull/9638 - () https://github.com/DSpace/DSpace/pull/9638 -
References () https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf - () https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf -
Summary
  • (es) DSpace es un software de código abierto, una aplicación de repositorio llave en mano utilizada por más de 2000 organizaciones e instituciones en todo el mundo para brindar acceso duradero a recursos digitales. En DSpace 7.0 a 7.6.1, cuando se descarga un Bitstream HTML, XML o JavaScript, el navegador del usuario puede ejecutar cualquier JavaScript incrustado. Si ese JavaScript incrustado es malicioso, existe el riesgo de sufrir un ataque XSS. Esta vulnerabilidad ha sido parcheada en la versión 7.6.2.

26 Jun 2024, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-26 00:15

Updated : 2024-11-21 09:25

NVD link : CVE-2024-38364

Mitre link : CVE-2024-38364

CVE.ORG link : CVE-2024-38364

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024