CVE-2024-38364

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38364
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38364.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38364
Aliases
Published
2024-06-26T00:15:10Z
Modified
2024-10-08T04:15:44.989811Z
Summary
[none]
Details

DSpace is an open source, turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any JavaScript embedded in it. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2.

References

Affected packages

Git / github.com/dspace/dspace

Affected ranges

Type
GIT
Repo
https://github.com/dspace/dspace
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

dspace-3.*

dspace-3.0
dspace-3.0-rc1
dspace-3.0-rc2
dspace-3.0-rc3

dspace-4.*

dspace-4.0
dspace-4.0-rc1
dspace-4.0-rc2
dspace-4.0-rc3

dspace-5.*

dspace-5.0
dspace-5.0-rc1
dspace-5.0-rc2
dspace-5.0-rc3

dspace-6.*

dspace-6.0
dspace-6.0-pre-DS-2701
dspace-6.0-rc1
dspace-6.0-rc2
dspace-6.0-rc3
dspace-6.0-rc4

dspace-7.*

dspace-7.0
dspace-7.0-beta1
dspace-7.0-beta2
dspace-7.0-beta2.1
dspace-7.0-beta3
dspace-7.0-beta4
dspace-7.0-beta4.1
dspace-7.0-beta5
dspace-7.0-preview-1
dspace-7.1
dspace-7.2
dspace-7.2.1
dspace-7.3
dspace-7.4
dspace-7.5
dspace-7.6

dspace-8.*

dspace-8.0-rc1