Harvard University · Iqss Dataverse · CVE-2026-1879
Name of the Vulnerable Software and Affected Versions
Harvard University IQSS Dataverse versions up to 6.8
Description
A flaw exists in Harvard University IQSS Dataverse that allows for unrestricted file upload through manipulation of the `uploadLogo` argument in the `/ThemeAndWidgets.xhtml` file within the Theme Customization component. This issue is publicly exploitable.
Recommendations
Upgrade to version 6.10 or later.