Lucene search
Veracode Vulnerability DatabaseVERACODE:36556HistoryAug 02, 2022 - 5:09 a.m.
Cross-site Scripting (XSS)
2022-08-0205:09:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
31.0%
org.dspace:dspace-jspui is vulnerable to cross-site scripting(XSS) attacks. The Request a Copy feature does not properly escape values submitted and stored from the Request a Copy form, which allows an attacker to inject and execute malicious javascript through the parameters in processForm function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dspace jsp-ui | le | 6.3 | |
| dspace jsp-ui | le | 5.10 | |
| dspace jsp-ui | le | 6.3 | |
| dspace jsp-ui | le | 5.10 |
Related
cvelist
cvelist
github
github
JSPUI Possible Cross Site Scripting in "Request a Copy" Feature
2022-08-06 05:46:27
cve
cve
CVE-2022-31192
2022-08-01 21:15:13
nvd
nvd
CVE-2022-31192
2022-08-01 21:15:13
osv
osv
JSPUI Possible Cross Site Scripting in "Request a Copy" Feature
2022-08-06 05:46:27
CVE-2022-31192
2022-08-01 21:15:13
prion
prion
Spoofing
2022-08-01 21:15:00