Vulnerability DatabaseCVE-2024-38364
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-38364
June 25, 2024
DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2.
Related Resources (6)
https://github.com/DSpace/DSpace/pull/8891
https://github.com/DSpace/DSpace/pull/9638
https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b
https://github.com/DSpace/DSpace
https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf
https://nvd.nist.gov/vuln/detail/CVE-2024-38364
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
EPSS
Base Score:
0.11