Medium severity6.1NVD Advisory· Published Mar 27, 2026· Updated Mar 31, 2026

CVE-2025-61190

Description

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.

Affected products

Lyrasis/Dspace
cpe:2.3:a:lyrasis:dspace:6.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/MerttTuran/9cf7de549749fe3ef7ce08d65e3540bdnvdExploitThird Party Advisory
dspace.comnvdProduct
lyrasis.comnvdProductBroken Link

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000