Description
DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-1992 | DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2. |
Github GHSA |
GHSA-94cc-xjxr-pwvf | DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document |
References
History
No history.
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T04:04:25.278Z
Reserved: 2024-06-14T14:16:16.465Z
Link: CVE-2024-38364
Updated: 2024-07-05T15:20:43.991Z
Status : Deferred
Published: 2024-06-26T00:15:10.480
Modified: 2026-06-17T07:39:59.873
Link: CVE-2024-38364
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA