PT-2023-22088 · Unknown · Goobi Viewer Core

Mgeerdsen

Publicado

2023-04-06

Atualizado

2023-04-13

CVE-2023-29015

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Goobi viewer core versions prior to 23.03

Description A cross-site scripting issue has been identified in the user comment feature of the Goobi viewer core. This allows an attacker to create a specially crafted comment that results in the execution of malicious script code in the user's browser when the comment is displayed.

Recommendations For versions prior to 23.03, update to version 23.03 to resolve the issue. As a temporary workaround, consider disabling the user comment feature until the update is applied.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-29015

GHSA-622W-995C-3C3H

Produtos afetados

Goobi Viewer Core

PT-2023-22088 · Unknown · Goobi Viewer Core

CVE-2023-29015

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9