This vulnerability is a reflected XSS in DSpace JSPUI 6.5, specifically in the search/discover filtering feature where the filter_type_1 parameter is not properly sanitized. An attacker can craft a malicious URL or input that, when processed by the application, reflects the injected script back to the user, potentially leading to script execution in the victim's browser. The CVSS 3.1 vector indicates it is remotely exploitable without privileges, requires user interaction, and impacts confidentiality and integrity with no availability impact.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the victim's browser session, potentially leading to information disclosure or manipulation of client-side data. The impact is limited to confidentiality and integrity with no direct impact on availability. There are no reports of active exploitation currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying input validation or output encoding workarounds if feasible. Avoid clicking on suspicious links that may exploit this vulnerability.