Executive Summary

CVE-2025-61190 is a Reflected Cross-Site Scripting (XSS) vulnerability found in DSpace JSPUI version 6.5, specifically in the search/discover filtering functionality.

The vulnerability occurs because the filter_type_1 parameter accepts user input that is not properly sanitized or encoded before being reflected in the HTML output.

This improper sanitization allows attackers to inject arbitrary JavaScript code that executes in the browsers of users who visit a specially crafted URL.

An attacker can exploit this remotely by sending a malicious request containing harmful input in the filter_type_1 parameter, which can be delivered via a malicious URL or by intercepting and modifying traffic.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows arbitrary JavaScript execution in users' browsers, which can lead to session hijacking, phishing attacks, and user interface manipulation.

Such attacks can compromise the confidentiality and integrity of user data, potentially leading to unauthorized access to personal or sensitive information.

This can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal data against unauthorized access and ensuring secure handling of user information.

Useful 0 Not Useful 0

Impact Analysis

Successful exploitation of this vulnerability can lead to arbitrary JavaScript execution in the victim’s browser.

• Session hijacking, allowing attackers to steal user sessions.
• Phishing attacks by manipulating the user interface to trick users.
• User interface manipulation that can mislead or confuse users.
• Other client-side attacks that compromise user security and privacy.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by testing the search/discover filtering functionality of DSpace JSPUI version 6.5, specifically by injecting malicious input into the filter_type_1 parameter and observing if it is improperly sanitized and reflected in the HTML output.

A practical detection method is to send a crafted HTTP request with a payload such as: test1"><input onfocus=javascript:confirm(1) autofocus> (URL encoded as test1%22%3E%3Cinput+onfocus%3djavascript%3aconfirm(1)+autofocus%3E) to the filter_type_1 parameter and check if the injected JavaScript executes in the browser.

Example command using curl to test the vulnerability:

• curl -G --data-urlencode 'filter_type_1=test1"><input onfocus=javascript:confirm(1) autofocus>' https://target.example/discover

Alternatively, intercepting and modifying traffic with tools like Burp Suite to inject the payload into the filter_type_1 parameter can help detect the vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include sanitizing and encoding all user-supplied input, especially the filter_type_1 parameter, to prevent execution of injected scripts.

If a patch or update is available from the vendor (Lyrasis for DSpace JSPUI), apply it promptly to fix the improper input sanitization.

As a temporary workaround, consider implementing web application firewall (WAF) rules to block or filter requests containing suspicious input patterns targeting the filter_type_1 parameter.

Educate users about the risks of clicking on untrusted URLs that may exploit this vulnerability.

Useful 0 Not Useful 0