CVE-2025-61190
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.
Risk Assessment
An attacker can inject malicious JavaScript code that executes in the victim's browser, potentially leading to session theft, redirection to malicious sites, or credential theft.
Recommendation
Immediately update DSpace JSPUI to the latest patched version or apply a temporary fix by validating and encoding the output of the filter_type_1 parameter.
Original NVD description (English source)
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.

