CVE-2025-61190

MEDIUM

DSpace JSPUI 6.5 - Reflected Cross-Site Scripting via Search Filter Parameter

Title source: llm

Description

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.

References (3)

Core 3

Core References

http://dspace.com

http://lyrasis.com

https://gist.github.com/MerttTuran/9cf7de549749fe3ef7ce08d65e3540bd

Scores

CVSS v3 6.1

EPSS 0.0028

EPSS Percentile 19.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

lyrasis/dspace 6.5

n/a/n/a

Published Mar 27, 2026

Tracked Since Mar 29, 2026