1. Home
  2. Vulnerabilities
  3. CVE-2024-38364

CVE-2024-38364

CVSS v3.1 2.6 (Low)
26% Progress
EPSS 0.04 % (16th)
0.04% Progress
Advisories 1
NVD Status Awaiting Analysis
Info CVSS EPSS CAPEC References Security Advisories Packages & Software Graph Web & Social Timeline

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
GitHub, Inc.
Published Date
2024-06-26 00:15:10
(2 months ago)
Updated Date
2024-06-26 12:44:29
(2 months ago)