CVE Catalog

CVE-2025-61190

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile - higher than 13% of all known CVEs

Summary

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.

Risk Assessment

An attacker can inject malicious JavaScript code that executes in the victim's browser, potentially leading to session theft, redirection to malicious sites, or credential theft.

Recommendation

Immediately update DSpace JSPUI to the latest patched version or apply a temporary fix by validating and encoding the output of the filter_type_1 parameter.

Original NVD description (English source)

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS