Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Vulnerability Description
DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
DSpace 安全漏洞
Vulnerability Description
DSpace是DuraSpace社区的一个开源的交钥匙存储库应用程序。 DSpace 7.0 版本到 7.6.1 版本存在安全漏洞,该漏洞源于当下载 HTML、XML 或 JavaScript Bitstream 时,用户的浏览器可能会执行任何嵌入的 JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A