Advice reg XSS, CSRF, Clickjacking vulnerability fix in DSpace ver 6.0


Rajiv Gujral

Aug 11, 2022, 9:01:56 AM8/11/22
to dspac...@googlegroups.com

Kindly advise how to fix the following vulnerabilities in DSpace version 6.0

1. Stored XSS - Cross-site scripting (also known as XSS) is a web security vulnerability which occurs when a malicious script is injected directly into a vulnerable web application because of insufficient input validation.

2. Reflected XSS - Reflected XSS is one type of cross-site scripting attack and is termed “Non-Persistent XSS” or “Type II”.

3. Rate Limiting - the number of wrong login attempts is to be limited to 3

4. CSRF - cross-site request forgery - The most effective way to protect against CSRF vulnerabilities is to require an additional token that is not transmitted in a cookie, in a hidden form field

5. Clickjacking -

Thanks

Rajiv Gujral

Group member
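As an added example, not from the original post or from DSpace's own code: a framework-neutral Python sketch of the two mitigations items 3 and 4 describe, a synchronizer token kept in the server-side session and carried only in a hidden form field (never in a cookie), and a lockout after 3 failed logins. The plain-dict session, the field name `csrf_token` and the 15-minute lockout window are assumptions.

```python
import hmac
import secrets
import time
from typing import Dict, List, Optional

def issue_csrf_token(session: Dict[str, str]) -> str:
    """Create a per-session anti-CSRF token held server side only; it is never
    set as a cookie, so a cross-site request (sent with cookies attached)
    cannot learn or replay it. The session here is a plain dict stand-in."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token

def render_form(session: Dict[str, str], action: str = "/submit") -> str:
    """Embed the session's token in a hidden form field (assumed field name)."""
    token = session.get("csrf_token") or issue_csrf_token(session)
    return (f'<form method="post" action="{action}">'
            f'<input type="hidden" name="csrf_token" value="{token}"></form>')

def validate_csrf(session: Dict[str, str], submitted: Optional[str]) -> bool:
    """Accept a POST only if the hidden-field value equals the session token;
    hmac.compare_digest avoids leaking the token through timing differences."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)

class LoginLimiter:
    """Lock an account after max_failures wrong passwords inside a sliding
    window (3 attempts, as in the question; the window length is assumed)."""
    def __init__(self, max_failures: int = 3, lockout_seconds: int = 900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures: Dict[str, List[float]] = {}

    def record_failure(self, user: str, now: Optional[float] = None) -> None:
        self._failures.setdefault(user, []).append(
            time.time() if now is None else now)

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)  # a successful login clears the count

    def is_locked(self, user: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        # Forget failures older than the window, then count what is left.
        recent = [t for t in self._failures.get(user, [])
                  if now - t < self.lockout_seconds]
        self._failures[user] = recent
        return len(recent) >= self.max_failures
```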

Tim Donohue

Aug 17, 2022, 4:57:41 PM8/17/22
to DSpace Technical Support
Hi,

There are currently no known vulnerabilities of these types if you are running DSpace 6.4 (the latest of the 6.x releases): https://wiki.lyrasis.org/display/DSDOC6x/Release+Notes

That said, as detailed in recent end-of-life announcements regarding 6.x, we recommend upgrading to DSpace 7 for the most security. Because of the age of the 6.x platform, DSpace 6 can never be made as secure as DSpace 7. https://wiki.lyrasis.org/display/DSPACE/Support+for+DSpace+5+and+6+is+ending+in+2023

Tim