{"url":"http://public2.vulnerablecode.io/api/packages/25676?format=json","purl":"pkg:maven/org.dspace/dspace-jspui@6.3","type":"maven","namespace":"org.dspace","name":"dspace-jspui","version":"6.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.4","latest_non_vulnerable_version":"6.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211172?format=json","vulnerability_id":"VCID-3hxm-vbnh-c3bg","summary":"JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31193","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.50017","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.50151","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31193"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/5f72424a478f59061dcc516b866dcc687bc3f9de","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/commit/5f72424a478f59061dcc516b866dcc687bc3f9de"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31193","reference_id":"CVE-2022-31193","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31193"},{"reference_url":"https://github.com/advisories/GHSA-763j-q7wv-vf3m","reference_id":"GHSA-763j-q7wv-vf3m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-763j-q7wv-vf3m"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-763j-q7wv-vf3m","reference_id":"GHSA-763j-q7wv-vf3m","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-763j-q7wv-vf3m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25677?format=json","purl":"pkg:maven/org.dspace/dspace-jspui@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-jspui@6.4"}],"aliases":["CVE-2022-31193","GHSA-763j-q7wv-vf3m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hxm-vbnh-c3bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167419?format=json","vulnerability_id":"VCID-7jts-b6tj-4kcs","summary":"DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck \"Did you mean\" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31191","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63721","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63823","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31191"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/35030a23e48b5946f5853332c797e1c4adea7bb7","reference_id":"35030a23e48b5946f5853332c797e1c4adea7bb7","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/commit/35030a23e48b5946f5853332c797e1c4adea7bb7"},{"reference_url":"https://github.com/DSpace/DSpace/commit/6f75bb084ab1937d094208c55cd84340040bcbb5","reference_id":"6f75bb084ab1937d094208c55cd84340040bcbb5","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/commit/6f75bb084ab1937d094208c55cd84340040bcbb5"},{"reference_url":"https://github.com/DSpace/DSpace/commit/c89e493e517b424dea6175caba54e91d3847fc3a","reference_id":"c89e493e517b424dea6175caba54e91d3847fc3a","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/commit/c89e493e517b424dea6175caba54e91d3847fc3a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31191","reference_id":"CVE-2022-31191","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31191"},{"reference_url":"https://github.com/DSpace/DSpace/commit/ebb83a75234d3de9be129464013e998dc929b68d","reference_id":"ebb83a75234d3de9be129464013e998dc929b68d","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/commit/ebb83a75234d3de9be129464013e998dc929b68d"},{"reference_url":"https://github.com/advisories/GHSA-c558-5gfm-p2r8","reference_id":"GHSA-c558-5gfm-p2r8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c558-5gfm-p2r8"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-c558-5gfm-p2r8","reference_id":"GHSA-c558-5gfm-p2r8","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-c558-5gfm-p2r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25677?format=json","purl":"pkg:maven/org.dspace/dspace-jspui@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-jspui@6.4"}],"aliases":["CVE-2022-31191","GHSA-c558-5gfm-p2r8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jts-b6tj-4kcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211173?format=json","vulnerability_id":"VCID-aqrb-4zj2-27hu","summary":"JSPUI vulnerable to path traversal in submission (resumable) upload","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31194","reference_id":"","reference_type":"","scores":[{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74979","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.75049","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31194"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/7569c6374aefeafb996e202cf8d631020eda5f24","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/commit/7569c6374aefeafb996e202cf8d631020eda5f24"},{"reference_url":"https://github.com/DSpace/DSpace/commit/d1dd7d23329ef055069759df15cfa200c8e3","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/commit/d1dd7d23329ef055069759df15cfa200c8e3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31194","reference_id":"CVE-2022-31194","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31194"},{"reference_url":"https://github.com/advisories/GHSA-qp5m-c3m9-8q2p","reference_id":"GHSA-qp5m-c3m9-8q2p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qp5m-c3m9-8q2p"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-qp5m-c3m9-8q2p","reference_id":"GHSA-qp5m-c3m9-8q2p","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-qp5m-c3m9-8q2p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25677?format=json","purl":"pkg:maven/org.dspace/dspace-jspui@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-jspui@6.4"}],"aliases":["CVE-2022-31194","GHSA-qp5m-c3m9-8q2p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqrb-4zj2-27hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167457?format=json","vulnerability_id":"VCID-rqa7-vzkq-d7gm","summary":"DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI \"Request a Copy\" feature does not properly escape values submitted and stored from the \"Request a Copy\" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31192","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55268","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55147","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31192"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37","reference_id":"28eb8158210d41168a62ed5f9e044f754513bc37","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:35Z/"}],"url":"https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31192","reference_id":"CVE-2022-31192","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31192"},{"reference_url":"https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9","reference_id":"f7758457b7ec3489d525e39aa753cc70809d9ad9","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:35Z/"}],"url":"https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9"},{"reference_url":"https://github.com/advisories/GHSA-4wm8-c2vv-xrpq","reference_id":"GHSA-4wm8-c2vv-xrpq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4wm8-c2vv-xrpq"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq","reference_id":"GHSA-4wm8-c2vv-xrpq","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:35Z/"}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25677?format=json","purl":"pkg:maven/org.dspace/dspace-jspui@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-jspui@6.4"}],"aliases":["CVE-2022-31192","GHSA-4wm8-c2vv-xrpq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqa7-vzkq-d7gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167230?format=json","vulnerability_id":"VCID-twyj-43v5-fydy","summary":"DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an \"Internal System Error\" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31189","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46408","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46262","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31189"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/afcc6c3389729b85d5c7b0230cbf9aaf7452f31a","reference_id":"afcc6c3389729b85d5c7b0230cbf9aaf7452f31a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:52Z/"}],"url":"https://github.com/DSpace/DSpace/commit/afcc6c3389729b85d5c7b0230cbf9aaf7452f31a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31189","reference_id":"CVE-2022-31189","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31189"},{"reference_url":"https://github.com/advisories/GHSA-c2j7-66m3-r4ff","reference_id":"GHSA-c2j7-66m3-r4ff","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c2j7-66m3-r4ff"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-c2j7-66m3-r4ff","reference_id":"GHSA-c2j7-66m3-r4ff","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:52Z/"}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-c2j7-66m3-r4ff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25677?format=json","purl":"pkg:maven/org.dspace/dspace-jspui@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-jspui@6.4"}],"aliases":["CVE-2022-31189","GHSA-c2j7-66m3-r4ff"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twyj-43v5-fydy"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-jspui@6.3"}