Veracode Vulnerability Database, VERACODE:47752
Jun 26, 2024 - 6:57 a.m.

Cross-site Scripting (XSS)

2024-06-26 06:57:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
dspace
server
webapp
vulnerability
cross-site scripting
xss
validation
download behavior
html
xml
javascript
bitstreams
browser
attacks

CVSS3: 2.6

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

AI Score: 5.9
Confidence: High

org.dspace:dspace-server-webapp is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by improper validation of the download behavior for HTML, XML, or JavaScript Bitstreams, which allows JavaScript embedded in such a Bitstream to execute in the user's browser.
