Hi,

There are currently no known vulnerabilities of these types if you are 
running DSpace 6.4 (the latest of the 6.x 
releases): https://wiki.lyrasis.org/display/DSDOC6x/Release+Notes

That said, as detailed in recent end-of-life announcements regarding 6.x, 
we recommend upgrading to DSpace 7 for the best security. Because of the 
age of the 6.x platform, DSpace 6 can never be made as secure as DSpace 7. 
https://wiki.lyrasis.org/display/DSPACE/Support+for+DSpace+5+and+6+is+ending+in+2023

Tim

On Thursday, August 11, 2022 at 8:01:56 AM UTC-5 Rajiv Gujral wrote:

> Kindly advise how to fix the following *vulnerabilities* in *DSpace* 
> Version 6.0 
>
> 1. *Stored XSS* - Cross-site scripting (also known as XSS) is a web 
> security vulnerability which occurs when a malicious script is injected 
> directly into a vulnerable web application because of improper input validation.
>
> 2. *Reflected XSS* - Reflected XSS is one type of 
> Cross-Site-Scripting attack and is termed "Non-Persistent XSS" or "Type 
> II".
>
> 3. *Rate Limiting* - the number of wrong login attempts should be limited to 3 
>
> 4. *CSRF* - cross site request forgery - The most effective way to 
> protect against CSRF vulnerabilities is to require an additional token that is 
> not transmitted in a cookie but in a hidden form field
>
> 5. *Clickjacking* - 
>
> *Thanks*
>
> *Rajiv Gujral*
>
> *Group member*
>
>

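The three controls asked for in items 3 to 5 of the quoted question (a cap of three wrong login attempts, a synchronizer token carried in a hidden form field rather than a cookie, and anti-framing response headers), as an added illustration in Python. This is not DSpace's own code and not from anyone in this thread; the field name, lockout window, in-memory storage and the `attempt_login` helper are assumptions chosen for the example:

```python
# Added illustration, not DSpace code. A minimal in-memory model of three
# web-app controls; names, field name and lockout window are hypothetical.
import hmac
import secrets
import time

CSRF_FIELD = "csrf_token"          # hidden form field name (assumed)
MAX_FAILED_LOGINS = 3              # the limit the question asks for
LOCKOUT_SECONDS = 15 * 60          # hypothetical lockout window


def issue_csrf_token(session: dict) -> str:
    """Generate a per-session synchronizer token and keep it server-side.

    The token is rendered into a hidden form field. It is deliberately NOT
    stored in a cookie: the browser would attach a cookie to a forged
    cross-site request as well, which is exactly what the token must prevent.
    """
    token = secrets.token_urlsafe(32)
    session[CSRF_FIELD] = token
    return token


def validate_csrf(session: dict, form: dict) -> bool:
    """Accept a state-changing request only if the hidden field equals the
    server-side token. compare_digest avoids a timing side channel."""
    expected = session.get(CSRF_FIELD)
    submitted = form.get(CSRF_FIELD)
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


class LoginLimiter:
    """Count wrong login attempts per username inside a sliding window and
    lock the account once MAX_FAILED_LOGINS is reached."""

    def __init__(self, now=time.monotonic):
        self._now = now            # injectable clock so the window can be tested
        self._failures = {}        # username -> list of failure timestamps

    def is_locked(self, user: str) -> bool:
        cutoff = self._now() - LOCKOUT_SECONDS
        recent = [t for t in self._failures.get(user, []) if t > cutoff]
        self._failures[user] = recent
        return len(recent) >= MAX_FAILED_LOGINS

    def record_failure(self, user: str) -> None:
        self._failures.setdefault(user, []).append(self._now())

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)


def attempt_login(limiter: LoginLimiter, user: str,
                  password: str, real_password: str) -> str:
    """Return 'locked', 'ok' or 'bad'. The lock check runs BEFORE the
    password comparison so a locked account cannot be brute-forced.
    (A real system compares against a password hash, not a stored password.)"""
    if limiter.is_locked(user):
        return "locked"
    if hmac.compare_digest(password.encode(), real_password.encode()):
        limiter.record_success(user)
        return "ok"
    limiter.record_failure(user)
    return "bad"


def clickjacking_headers() -> dict:
    """Response headers that stop the UI from being framed by another origin.
    Both are sent because older browsers only honour X-Frame-Options."""
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }


if __name__ == "__main__":
    sess = {}
    tok = issue_csrf_token(sess)
    print("valid token accepted:", validate_csrf(sess, {CSRF_FIELD: tok}))
    print("forged token rejected:", not validate_csrf(sess, {CSRF_FIELD: "x" + tok}))
    lim = LoginLimiter()
    for _ in range(3):
        attempt_login(lim, "alice", "wrong", "s3cret")
    print("locked after 3 failures:", attempt_login(lim, "alice", "s3cret", "s3cret"))
    print(clickjacking_headers())
```

In a servlet-based application such as DSpace the same checks would sit in a filter: the CSRF check on every POST/PUT/DELETE, the limiter in the authentication path, and the headers added to every response.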
-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/faebc50d-4516-434f-8cd8-2a16a80ebb16n%40googlegroups.com.
