org.dspace:dspace-jspui@5.7 vulnerabilities
- latest version: 6.4
- latest non vulnerable version
- first published: 17 years ago
- latest version published: 2 years ago
- licenses detected: [0,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.dspace:dspace-jspui package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
org.dspace:dspace-jspui is a DSpace JSP Based Webapplication. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information via an Note: This vulnerability does not impact the How to fix Generation of Error Message Containing Sensitive Information? Upgrade | [4.0,6.4) |
org.dspace:dspace-jspui is a DSpace JSP Based Webapplication. Affected versions of this package are vulnerable to Directory Traversal via the resumable upload implementations in the Note: This vulnerability cannot be exploited by an anonymous user or a basic user. The user must first have submitter privileges to at least one Collection and be able to determine how to modify the request parameters to exploit the vulnerability. This vulnerability does not impact the How to fix Directory Traversal? Upgrade | [4.0,5.11) [6.0,6.4) |
org.dspace:dspace-jspui is a DSpace JSP Based Webapplication. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Note: This vulnerability does not impact the How to fix Cross-site Scripting (XSS)? Upgrade | [5.0,5.11) [6.0,6.4) |
org.dspace:dspace-jspui is a DSpace JSP Based Webapplication. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the spellcheck "Did you mean" component, due to missing escaping of the displayed text, and the Note: This vulnerability does not impact the XMLUI or version 7. How to fix Cross-site Scripting (XSS)? Upgrade | [4.0,5.11) [6.0,6.4) |
org.dspace:dspace-jspui is a DSpace JSP Based Webapplication. Affected versions of this package are vulnerable to Open Redirect via the controlled vocabulary servlet component. Exploiting this vulnerability is possible by crafting a malicious URL that looks like a legitimate DSpace/repository URL, which redirects the target to a site of the attacker's choice when they click it. Note: This vulnerability does not impact the How to fix Open Redirect? Upgrade | [4.0,5.11) [6.0,6.4) |