Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools
Vulnerability Description
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Dspace 跨站脚本漏洞
Vulnerability Description
Dspace是DuraSpace社区的一个开源的交钥匙存储库应用程序。 DSpace 6.4之前版本存在跨站脚本漏洞,该漏洞源于dspace-jspui中不会转义实际显示的文本。
CVSS Information
N/A
Vulnerability Type
N/A