Home > Vulnerability Database > CVE-2022-31192

Mend.io Vulnerability Database

CVE-2022-31192

Good to know:

Date: August 1, 2022

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Java

Severity Score

6.1

Related Resources (5)

Url: https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31192

Url: https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37

Url: https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9

Url: https://www.mend.io/vulnerability-database/CVE-2022-31192

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version org.dspace:dspace-jspui:5.11,6.4

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31192

Good to know:

Date: August 1, 2022

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?