CVE-2023-29014

Name of the Vulnerable Software and Affected Versions Goobi viewer versions prior to 23.03

Description A reflected cross-site scripting issue has been identified in the Goobi viewer core when evaluating the LOGID parameter. This could allow an attacker to trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser.

Recommendations For versions prior to 23.03, update to version 23.03 to resolve the issue. As a temporary workaround, consider restricting access to the LOGID parameter to minimize the risk of exploitation.