Maven package
org.dspace/dspace-jspui
pkg:maven/org.dspace/dspace-jspui
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31192 | — | >= 5.0, < 5.11 | 5.11 | Aug 1, 2022 | DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This mean | ||
| CVE-2022-31191 | — | >= 4.0, < 5.11 | 5.11 | Aug 1, 2022 | DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similar | ||
| CVE-2022-31194 | — | >= 4.0, < 5.11 | 5.11 | Aug 1, 2022 | DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversa | ||
| CVE-2022-31193 | — | >= 4.0, < 5.11 | 5.11 | Aug 1, 2022 | DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL tha | ||
| CVE-2022-31189 | — | >= 4.0, < 6.4 | 6.4 | Aug 1, 2022 | DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in t |
- CVE-2022-31192Aug 1, 2022affected >= 5.0, < 5.11fixed 5.11
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This mean
- CVE-2022-31191Aug 1, 2022affected >= 4.0, < 5.11fixed 5.11
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similar
- CVE-2022-31194Aug 1, 2022affected >= 4.0, < 5.11fixed 5.11
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversa
- CVE-2022-31193Aug 1, 2022affected >= 4.0, < 5.11fixed 5.11
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL tha
- CVE-2022-31189Aug 1, 2022affected >= 4.0, < 6.4fixed 6.4
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in t