Vulnerability Description
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Duraspace | Dspace | >= 4.0, <= 5.10 |
Related Weaknesses (CWE)
References
- https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37PatchThird Party Advisory
- https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9PatchThird Party Advisory
- https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpqPatchThird Party Advisory
- https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37PatchThird Party Advisory
- https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9PatchThird Party Advisory
- https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpqPatchThird Party Advisory
FAQ
What is CVE-2022-31192?
CVE-2022-31192 is a vulnerability with a CVSS score of 7.1 (HIGH). DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not prope...
How severe is CVE-2022-31192?
CVE-2022-31192 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31192?
Check the references section above for vendor advisories and patch information. Affected products include: Duraspace Dspace.