=============================================================================================================================================
| # Title : DSpace 7.6.6-next Discovery API Reflected XSS Vulnerability |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://dspace.org/download/ |
=============================================================================================================================================

[+] Summary :

A critical Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace version 7.6.6-next, specifically within the Discovery Search REST API. The issue arises from improper input sanitization of the query parameter in the endpoint:

    /server/api/discover/search/objects

An attacker can craft a malicious URL containing a specially encoded payload (e.g., SVG-based JavaScript execution) that, when visited by a victim, executes arbitrary JavaScript in the context of the trusted domain.

This vulnerability could allow attackers to:

- Hijack user sessions
- Steal sensitive data
- Perform actions on behalf of authenticated users (including administrators)

The flaw is particularly dangerous because it can be exploited via simple link sharing (phishing/social engineering), without requiring authentication.

[+] POC :

    import urllib.parse

    # Discovery search endpoint of the target DSpace instance
    target_url = "https://example/server/api/discover/search/objects"

    # Query value that the endpoint reflects without proper sanitization
    payload = ""

    # URL-encode the payload so it survives as a single query parameter
    final_url = f"{target_url}?query={urllib.parse.quote(payload)}"

    print("-" * 50)
    print(" URL by indoushka ")
    print("-" * 50)
    print(final_url)
    print("-" * 50)

Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================
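A defender-side check, added here and not part of the advisory: a small Python scanner over constructed access-log lines that flags requests to the Discovery endpoint whose query parameter decodes (including double-encoded values) to HTML markup or script-like content. The log format, IP addresses and sample requests are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /server/api/discover/search/objects?query=climate+change&page=0 HTTP/1.1" 200 1523
10.0.0.7 - - [01/Jan/2025:10:00:01 +0000] "GET /server/api/discover/search/objects?query=%3Csvg%3E HTTP/1.1" 200 812
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /server/api/discover/search/objects?query=%253Csvg%253E HTTP/1.1" 200 812
10.0.0.3 - - [01/Jan/2025:10:00:03 +0000] "GET /server/api/core/items HTTP/1.1" 200 4096
"""

# Endpoint named in the advisory.
ENDPOINT = "/server/api/discover/search/objects"

# source, timestamp, method, request target, status
REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Markup tags, inline event-handler attributes, or javascript: URLs in a search term.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z][a-z0-9]*|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return a finding dict for a suspicious Discovery request, else None."""
    m = REQ_RE.match(line)
    if not m:
        return None
    src, ts, method, target, status = m.groups()
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return None
    # parse_qs already decodes one layer; fully_decode handles the rest.
    for q in parse_qs(parts.query, keep_blank_values=True).get("query", []):
        decoded = fully_decode(q)
        if MARKUP_RE.search(decoded):
            return {"src": src, "time": ts, "query": decoded, "status": status}
    return None


def scan(log_text):
    """Scan a whole log and return the list of findings in log order."""
    return [hit for hit in (inspect_line(l) for l in log_text.splitlines()) if hit]
```

Running `scan(SAMPLE_LOG)` reports the two requests whose search term decodes to markup; a 200 status on those lines is the signal worth alerting on while the instance is unpatched.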