PT-2023-22088 · Unknown · Goobi Viewer Core

Mgeerdsen

Published

2023-04-06

Updated

2023-04-13

CVE-2023-29015

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Goobi viewer core versions prior to 23.03

Description A cross-site scripting issue has been identified in the user comment feature of the Goobi viewer core. This allows an attacker to create a specially crafted comment that results in the execution of malicious script code in the user's browser when the comment is displayed.

Recommendations For versions prior to 23.03, update to version 23.03 to resolve the issue. As a temporary workaround, consider disabling the user comment feature until the update is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-29015

GHSA-622W-995C-3C3H

Affected Products

Goobi Viewer Core

PT-2023-22088 · Unknown · Goobi Viewer Core

CVE-2023-29015

Weakness Enumeration

Related Identifiers

Affected Products

References · 9