org.dspace:dspace-jspui is vulnerable to cross-site scripting(XSS) attacks. The Request a Copy
feature does not properly escape values submitted and stored from the Request a Copy
form, which allows an attacker to inject and execute malicious javascript through the parameters in processForm
function.
CPE | Name | Operator | Version |
---|---|---|---|
dspace jsp-ui | le | 6.3 | |
dspace jsp-ui | le | 5.10 | |
dspace jsp-ui | le | 6.3 | |
dspace jsp-ui | le | 5.10 |