org.dspace:dspace@7.5 vulnerabilities
-
latest version
7.6.1
-
latest non vulnerable version
-
first published
17 years ago
-
latest version published
8 months ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.dspace:dspace package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.dspace:dspace is a digital asset management system that powers Institutional Repositories Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when loading Bitstream documents including HTML, XML or JavaScript, which may be inlined and executed in the browser rather than downloaded as-is. A user with Submitter privilege can cause JavaScript to be executed in another user's browser session by convincing another authenticated user to download a malicious file. Note: Existing DSpace CORS and CSRF protections limit the impact of this vulnerability. How to fix Cross-site Scripting (XSS)? Upgrade |
[7.0,8.0)
|