Dear Dspace Team The eperson-list module in the endpoint tools does not correctly validate the entries in the search parameter, which makes it possible to enter malicious scripts that could affect the confidentiality of users who trust this information system.
Sanitization of application data inputs should be applied through filtering functions at the source code level. Test in Dspace 6.3 [image: error3.JPG] Thanks in advance Jaime Solorzano -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/6a7f50be-bfc4-4b28-bb10-1097a277a94dn%40googlegroups.com.