CVE-2022-31192

HIGH

DSpace 4.0-5.9 and dspace-jspui 5.0-5.10 - Stored Cross-Site Scripting in Request a Copy Form

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31192. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository contains the source code for DSpace, an open-source repository application. The README provides an overview, installation instructions, and contribution guidelines, but no exploit code or proof-of-concept for CVE-2022-31192 is present.

Description

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Exploits (1)

nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/DSpace__DSpace_CVE-2022-31192_5-100

This repository contains the source code for DSpace, an open-source repository application. The README provides an overview, installation instructions, and contribution guidelines, but no exploit code or proof-of-concept for CVE-2022-31192 is present.

Classification
Writeup 90%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: DSpace
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.1
EPSS 0.0032
EPSS Percentile 55.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
duraspace/dspace 4.0 - 5.10
org.dspace/dspace-jspui 5.0 - 5.11Maven
Published Aug 01, 2022
Tracked Since Feb 18, 2026