1. Home
  2. Vulnerabilities
  3. CVE-2022-31192

CVE-2022-31192

CVSS v3.1 6.1 (Medium)
61% Progress
EPSS 0.07 % (32th)
0.07% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2022-08-01 21:15:13
(2 years ago)
Updated Date
2022-08-08 17:12:15
(2 years ago)

Affected Products

Duraspace

Configuration #1

    CPE23 From Up To
  Duraspace Dspace from 4.0 version and 5.10 and prior versions cpe:2.3:a:duraspace:dspace >= 4.0 <= 5.10
  Duraspace Dspace above 6.0 version and prior 6.4 version cpe:2.3:a:duraspace:dspace > 6.0 < 6.4