6/29/2023

Xsection 5.11

DSpace 5.11 contains security and bug fixes for both the JSPUI and XMLUI. DSpace 5.11 is a bug fix release to resolve several issues located in previous 5.x releases.

DSpace 5.11 upgrade instructions are available at: Upgrading DSpace

To ensure your 5.x site is secure, we highly recommend ALL DSpace 5.x users upgrade to DSpace 5.11. As it provides only security and bug fixes, DSpace 5.11 should constitute an easy upgrade from DSpace 5.x for most users. No database changes should be necessary when upgrading from DSpace 5.x to 5.11.

CVE-2022-31195 (impacts XMLUI and JSPUI): Path traversal vulnerability in Simple Archive Format package import (ItemImportService API). This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. This path traversal is only possible by a user with special privileges (Administrators or someone with command-line access to the server). Reported by Johannes Moritz of Ripstech.

CVE-2022-31194 (impacts JSPUI only): The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, just by modifying some request parameters during submission. This path traversal can only be executed by a user with submitter rights.

CVE-2022-31193 (impacts JSPUI only): The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice.

CVE-2022-31191 (impacts JSPUI only): The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to Cross Site Scripting (XSS). Reported by Hassan Bhuiyan, Brunel University London.

CVE-2022-31192 (impacts JSPUI): The JSPUI "Request a Copy" feature is vulnerable to Cross Site Scripting (XSS) attacks.