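Vulnerability Title
Cross-site scripting (XSS) possible in the DSpace JSPUI "Request a Copy" feature
Vulnerability Description
The DSpace JSPUI "Request a Copy" feature may be at risk of cross-site scripting attacks
CVSS Information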
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Category
N/A
Vulnerability Title
Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature
Vulnerability Description
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
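Vulnerability Category
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Vulnerability Title
DSpace cross-site scripting vulnerability
Vulnerability Description
DSpace is an open-source turnkey repository application from the DuraSpace community. Versions of DSpace before 6.4 contain a cross-site scripting vulnerability, which stems from the Request a Copy feature in dspace-jspui failing to properly escape the values submitted and stored from the form.
CVSS Information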
N/A
Vulnerability Category
Cross-site scripting