DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.dspace:dspace-jspui(Maven) | 5.0 | 5.11 | N/A |
| org.dspace:dspace-jspui(Maven) | 6.0 | 6.4 | N/A |
CVSS Metrics
