{"url":"http://public2.vulnerablecode.io/api/packages/579458?format=json","purl":"pkg:maven/org.dspace/dspace-parent@5.9","type":"maven","namespace":"org.dspace","name":"dspace-parent","version":"5.9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.4","latest_non_vulnerable_version":"7.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211172?format=json","vulnerability_id":"VCID-3hxm-vbnh-c3bg","summary":"JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31193","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.50017","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.50151","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31193"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/5f72424a478f59061dcc516b866dcc687bc3f9de","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/commit/5f72424a478f59061dcc516b866dcc687bc3f9de"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31193","reference_id":"CVE-2022-31193","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HI
GH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31193"},{"reference_url":"https://github.com/advisories/GHSA-763j-q7wv-vf3m","reference_id":"GHSA-763j-q7wv-vf3m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-763j-q7wv-vf3m"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-763j-q7wv-vf3m","reference_id":"GHSA-763j-q7wv-vf3m","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-763j-q7wv-vf3m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/579460?format=json","purl":"pkg:maven/org.dspace/dspace-parent@5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cb4c-p3jv-4bf4"},{"vulnerability":"VCID-twyj-43v5-fydy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/579465?format=json","purl":"pkg:maven/org.dspace/dspace-parent@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@6.4"}],"aliases":["CVE-2022-31193","GHSA-763j-q7wv-vf3m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hxm-vbnh-c3bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167419?format=json","vulnerability_id":"VCID-7jts-b6tj-4kcs","summary":"DSpace open source software is a repository application which provides durable access to digital resources. 
dspace-jspui is a UI component for DSpace. The JSPUI spellcheck \"Did you mean\" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31191","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63721","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63823","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31191"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/35030a23e48b5946f5853332c797e1c4adea7bb7","reference_id":"35030a23e48b5946f5853332c797e1c4adea7bb7","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/commit/35030a23e48b5946f5853332c797e1c4adea7bb7"},{"reference_url":"https://github.com/DSpace/DSpace/commit/6f75bb084ab1937d094208c55cd84340040bcbb5","reference_id":"6f75bb084ab1937d094208c55cd84340040bcbb5","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/
PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/commit/6f75bb084ab1937d094208c55cd84340040bcbb5"},{"reference_url":"https://github.com/DSpace/DSpace/commit/c89e493e517b424dea6175caba54e91d3847fc3a","reference_id":"c89e493e517b424dea6175caba54e91d3847fc3a","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/commit/c89e493e517b424dea6175caba54e91d3847fc3a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31191","reference_id":"CVE-2022-31191","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31191"},{"reference_url":"https://github.com/DSpace/DSpace/commit/ebb83a75234d3de9be129464013e998dc929b68d","reference_id":"ebb83a75234d3de9be129464013e998dc929b68d","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/commit/ebb83a75234d3de9be129464013e998dc929b68d"},{"reference_url":"https://github.com/advisories/GHSA-c558-5gfm-p2r8","reference_id":"GHSA-c558-5gfm-p2r8","reference_type":"","scores":[{"value":"HIGH
","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c558-5gfm-p2r8"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-c558-5gfm-p2r8","reference_id":"GHSA-c558-5gfm-p2r8","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:38Z/"}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-c558-5gfm-p2r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/579460?format=json","purl":"pkg:maven/org.dspace/dspace-parent@5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cb4c-p3jv-4bf4"},{"vulnerability":"VCID-twyj-43v5-fydy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/579465?format=json","purl":"pkg:maven/org.dspace/dspace-parent@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@6.4"}],"aliases":["CVE-2022-31191","GHSA-c558-5gfm-p2r8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jts-b6tj-4kcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211173?format=json","vulnerability_id":"VCID-aqrb-4zj2-27hu","summary":"JSPUI vulnerable to path traversal in submission (resumable) 
upload","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31194","reference_id":"","reference_type":"","scores":[{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74979","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.75049","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31194"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/7569c6374aefeafb996e202cf8d631020eda5f24","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/commit/7569c6374aefeafb996e202cf8d631020eda5f24"},{"reference_url":"https://github.com/DSpace/DSpace/commit/d1dd7d23329ef055069759df15cfa200c8e3","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/commit/d1dd7d23329ef055069759df15cfa200c8e3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31194","reference_id":"CVE-2022-31194","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31194"},{"reference_url":"https://github.com/
advisories/GHSA-qp5m-c3m9-8q2p","reference_id":"GHSA-qp5m-c3m9-8q2p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qp5m-c3m9-8q2p"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-qp5m-c3m9-8q2p","reference_id":"GHSA-qp5m-c3m9-8q2p","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-qp5m-c3m9-8q2p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/579460?format=json","purl":"pkg:maven/org.dspace/dspace-parent@5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cb4c-p3jv-4bf4"},{"vulnerability":"VCID-twyj-43v5-fydy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/579465?format=json","purl":"pkg:maven/org.dspace/dspace-parent@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@6.4"}],"aliases":["CVE-2022-31194","GHSA-qp5m-c3m9-8q2p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqrb-4zj2-27hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167447?format=json","vulnerability_id":"VCID-cb4c-p3jv-4bf4","summary":"DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. 
In affected versions metadata on a withdrawn Item is exposed via the XMLUI \"mets.xml\" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31190","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.50159","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.50024","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31190"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/pull/2451","reference_id":"2451","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:56Z/"}],"url":"https://github.com/DSpace/DSpace/pull/2451"},{"reference_url":"https://github.com/DSpace/DSpace/commit/574e25496a40173653ae7d0a49a19ed8e3458606.patch","reference_id":"574e25496a40173653ae7d0a49a19ed8e3458606.patch","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:56Z/"}],"url":"https
://github.com/DSpace/DSpace/commit/574e25496a40173653ae7d0a49a19ed8e3458606.patch"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31190","reference_id":"CVE-2022-31190","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31190"},{"reference_url":"https://github.com/advisories/GHSA-7w85-pp86-p4pq","reference_id":"GHSA-7w85-pp86-p4pq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7w85-pp86-p4pq"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-7w85-pp86-p4pq","reference_id":"GHSA-7w85-pp86-p4pq","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:56Z/"}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-7w85-pp86-p4pq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/579465?format=json","purl":"pkg:maven/org.dspace/dspace-parent@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@6.4"}],"aliases":["CVE-2022-31190","GHSA-7w85-pp86-p4pq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cb4c-p3jv-4bf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167438?format=json","vulnerability_id":"VCID-d1rs-gggc-bbaf","summary":"DSpace open 
source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible by a user with special privileges (either Administrators or someone with command-line access to the server). This vulnerability impacts the XMLUI, JSPUI and command-line. Users are advised to upgrade. As a basic workaround, users may block all access to the following URL paths: If you are using the XMLUI, block all access to /admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path \"/xmlui\", then you'd need to block access to /xmlui/admin/batchimport. If you are using the JSPUI, block all access to /dspace-admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path \"/jspui\", then you'd need to block access to /jspui/dspace-admin/batchimport. Keep in mind, only an Administrative user or a user with command-line access to the server is able to import/upload SAF packages. 
Therefore, assuming those users do not blindly upload untrusted SAF packages, then it is unlikely your site could be impacted by this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31195","reference_id":"","reference_type":"","scores":[{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.75051","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74981","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31195"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/56e76049185bbd87c994128a9d77735ad7af0199","reference_id":"56e76049185bbd87c994128a9d77735ad7af0199","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:15Z/"}],"url":"https://github.com/DSpace/DSpace/commit/56e76049185bbd87c994128a9d77735ad7af0199"},{"reference_url":"https://github.com/DSpace/DSpace/commit/7af52a0883a9dbc475cf3001f04ed11b24c8a4c0","reference_id":"7af52a0883a9dbc475cf3001f04ed11b24c8a4c0","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:15Z/"}],"url":"https://github.com/DS
pace/DSpace/commit/7af52a0883a9dbc475cf3001f04ed11b24c8a4c0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31195","reference_id":"CVE-2022-31195","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31195"},{"reference_url":"https://github.com/advisories/GHSA-8rmh-55h4-93h5","reference_id":"GHSA-8rmh-55h4-93h5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8rmh-55h4-93h5"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-8rmh-55h4-93h5","reference_id":"GHSA-8rmh-55h4-93h5","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:15Z/"}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-8rmh-55h4-93h5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/579460?format=json","purl":"pkg:maven/org.dspace/dspace-parent@5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cb4c-p3jv-4bf4"},{"vulnerability":"VCID-twyj-43v5-fydy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/579465?format=json","purl":"pkg:maven/org.dspace/dspace-parent@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@6.4"}],"aliases":["CVE-2022-31195","GHSA
-8rmh-55h4-93h5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1rs-gggc-bbaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167457?format=json","vulnerability_id":"VCID-rqa7-vzkq-d7gm","summary":"DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI \"Request a Copy\" feature does not properly escape values submitted and stored from the \"Request a Copy\" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31192","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55268","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55147","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31192"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37","reference_id":"28eb8158210d41168a62ed5f9e044f754513bc37","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23
T14:02:35Z/"}],"url":"https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31192","reference_id":"CVE-2022-31192","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31192"},{"reference_url":"https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9","reference_id":"f7758457b7ec3489d525e39aa753cc70809d9ad9","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:35Z/"}],"url":"https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9"},{"reference_url":"https://github.com/advisories/GHSA-4wm8-c2vv-xrpq","reference_id":"GHSA-4wm8-c2vv-xrpq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4wm8-c2vv-xrpq"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq","reference_id":"GHSA-4wm8-c2vv-xrpq","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:35Z/"}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io
/api/packages/579460?format=json","purl":"pkg:maven/org.dspace/dspace-parent@5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cb4c-p3jv-4bf4"},{"vulnerability":"VCID-twyj-43v5-fydy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/579465?format=json","purl":"pkg:maven/org.dspace/dspace-parent@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@6.4"}],"aliases":["CVE-2022-31192","GHSA-4wm8-c2vv-xrpq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqa7-vzkq-d7gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167230?format=json","vulnerability_id":"VCID-twyj-43v5-fydy","summary":"DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an \"Internal System Error\" occurs in the JSPUI, the entire exception (including stack trace) is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. Users are advised to upgrade. 
Users unable to upgrade should disable the display of error messages in their internal.jsp file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31189","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46408","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46262","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31189"},{"reference_url":"https://github.com/DSpace/DSpace","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/DSpace/DSpace"},{"reference_url":"https://github.com/DSpace/DSpace/commit/afcc6c3389729b85d5c7b0230cbf9aaf7452f31a","reference_id":"afcc6c3389729b85d5c7b0230cbf9aaf7452f31a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:52Z/"}],"url":"https://github.com/DSpace/DSpace/commit/afcc6c3389729b85d5c7b0230cbf9aaf7452f31a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31189","reference_id":"CVE-2022-31189","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31189"},{"reference_url":"https://github.com/advisories/GHSA-c2j7-66m3-r4ff","reference_id":"GHSA-c2j7-66m3-r4ff","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","
scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c2j7-66m3-r4ff"},{"reference_url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-c2j7-66m3-r4ff","reference_id":"GHSA-c2j7-66m3-r4ff","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:52Z/"}],"url":"https://github.com/DSpace/DSpace/security/advisories/GHSA-c2j7-66m3-r4ff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/579465?format=json","purl":"pkg:maven/org.dspace/dspace-parent@6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@6.4"}],"aliases":["CVE-2022-31189","GHSA-c2j7-66m3-r4ff"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twyj-43v5-fydy"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.dspace/dspace-parent@5.9"}