Vulnerability Description
DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b
- https://github.com/DSpace/DSpace/pull/8891
- https://github.com/DSpace/DSpace/pull/9638
- https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf
- https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b
- https://github.com/DSpace/DSpace/pull/8891
- https://github.com/DSpace/DSpace/pull/9638
- https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf
FAQ
What is CVE-2024-38364?
CVE-2024-38364 is a vulnerability with a CVSS score of 2.6 (LOW). DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 thr...
How severe is CVE-2024-38364?
CVE-2024-38364 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-38364?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.