Impact
The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a sit…
[org.dspace:dspace-jspui] JSPUI Possible Cross Site Scripting in “Request a Copy” Feature
Impact
The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI.
This vulnerabi…
[org.dspace:dspace-jspui] Cross Site Scripting (XSS) possible in JSPUI spellcheck and autocomplete tools
Impact
The JSPUI spellcheck “Did you mean” HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulne…
[org.dspace:dspace-xmlui] XMLUI’s metadata of withdrawn Items is exposed to anonymous users
Impact
Metadata on a withdrawn Item is exposed via the XMLUI “mets.xml” object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI.
However, this vulnerability is very low severity as Item metadata does …
[org.dspace:dspace-jspui] JSPUI’s “Internal System Error” page prints exceptions and stack traces without sanitization
Impact
When an “Internal System Error” occurs in the JSPUI, the entire exception (including stack trace) is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impac…
[@solana/pay] Solana Pay Vulnerable to Weakness in Transfer Validation Logic
Description
When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied validateTransfer function. An edge case regarding this mechanism could caus…
[drupal/core] Drupal core Information Disclosure vulnerability
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system.
Access to a non-public file is checked only if it is …
[untangle] untangle before 1.2.1 vulnerable to XML Entity Expansion
Impact
An attacker may be able to cause a denial-of-service (DoS) condition on the server on which the product is running. This affects untangle versions up to and including 1.2.0.
Patches
The problem has been fixed in version 1.2.1.
Workarounds
None
R…
[untangle] untangle before 1.2.1 vulnerable to Improper Restriction of XML External Entity Reference
Impact
An attacker may be able to read the contents of local files. This affects untangle versions up to and including 1.2.0.
Patches
The problem has been fixed in version 1.2.1.
Workarounds
None
References
https://jvn.jp/en/jp/JVN30454777/
For more in…
[next-auth] next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Impact
An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider’s secret in the log (which is thrown during OAuth error han…