Hi Jean-Paul,

I agree with your analysis and I will prepare a PR for the 4.1 release.

NOTICE FOR DSPACE USERS

We need to add a clear note here about the severity of that issue. There is a chance of an XSS attack, but such an attack would have to be performed by users that are trusted in almost all repositories where DSpace is used.

Communities & Collections are editable only by repository staff (users that are granted additional admin rights).

Items can be submitted only by users with the ADD right. In configurations that allow submission from auto-registered users, a Workflow is normally set up to review the submission.

So, the severity of this issue is generally very low. Of course, some heavily customized environments or unusual configurations should be aware of that.
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel