CVE-2024-38364

Source
https://cve.org/CVERecord?id=CVE-2024-38364
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38364.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38364
Aliases
Published
2024-06-25T23:45:57.493Z
Modified
2026-04-02T12:21:41.378102Z
Severity
  • 2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
Summary
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Details

DSpace is an open source, turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38364.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/DSpace/DSpace

Affected ranges

Type
GIT
Repo
https://github.com/DSpace/DSpace
Events
Database specific
{
    "versions": [
        {
            "introduced": "7.0"
        },
        {
            "last_affected": "7.6.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/dspace/dspace
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
cvs_final
dspace-1_0
dspace-1_0_1
dspace-1_1
dspace-1_1_1
dspace-1_2
dspace-1_2_1
dspace-1_2_2
dspace-1_3
dspace-1_3_1
dspace-1_3_2
dspace-1_4
dspace-1_4_1
dspace-1_4_2
dspace-1_5
dspace-1_5_1
duracloud-pilot-1
language-pack-1_3_1
language-pack-1_3_1-1
language-pack-1_3_2
language-pack-1_3_2-1
language-pack-1_4
language-pack-1_4_1
dspace-1.*
dspace-1.5.2
dspace-1.5.2-rc2
dspace-1.6.0
dspace-1.6.0-rc1
dspace-1.6.0-rc2
dspace-1.6.1
dspace-1.6.2
dspace-1.7.0
dspace-1.7.0-rc1
dspace-1.7.0-rc2
dspace-1.7.1
dspace-1.7.2
dspace-1.7.3
dspace-1.8.0
dspace-1.8.0-rc1
dspace-1.8.0-rc2
dspace-1.8.0-rc3
dspace-1.8.1
dspace-1.8.2
dspace-1.8.3
dspace-3.*
dspace-3.0
dspace-3.0-rc1
dspace-3.0-rc2
dspace-3.0-rc3
dspace-3.1
dspace-3.2
dspace-3.3
dspace-3.3-rc1
dspace-3.4
dspace-3.5
dspace-3.6
dspace-4.*
dspace-4.0
dspace-4.0-rc1
dspace-4.0-rc2
dspace-4.0-rc3
dspace-4.1
dspace-4.2
dspace-4.3
dspace-4.4
dspace-4.5
dspace-4.6
dspace-4.7
dspace-4.8
dspace-4.9
dspace-5.*
dspace-5.0
dspace-5.0-rc1
dspace-5.0-rc2
dspace-5.0-rc3
dspace-5.1
dspace-5.10
dspace-5.11
dspace-5.2
dspace-5.3
dspace-5.4
dspace-5.5
dspace-5.6
dspace-5.7
dspace-5.8
dspace-5.9
dspace-6.*
dspace-6.0
dspace-6.0-pre-DS-2701
dspace-6.0-rc1
dspace-6.0-rc2
dspace-6.0-rc3
dspace-6.0-rc4
dspace-6.1
dspace-6.2
dspace-6.3
dspace-6.4
dspace-7.*
dspace-7.0
dspace-7.0-beta1
dspace-7.0-beta2
dspace-7.0-beta2.1
dspace-7.0-beta3
dspace-7.0-beta4
dspace-7.0-beta4.1
dspace-7.0-beta5
dspace-7.0-preview-1
dspace-7.1
dspace-7.1.1
dspace-7.2
dspace-7.2.1
dspace-7.3
dspace-7.4
dspace-7.5
dspace-7.6
dspace-7.6.1
dspace-7.6.2
dspace-7.6.3
dspace-7.6.4
dspace-7.6.5
dspace-7.6.6
dspace-8.*
dspace-8.0-rc1
dspace-parent-1.*
dspace-parent-1.5.2-rc1
dspace-parent-1.7.1
dspace-parent-1.8.0-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38364.json"