CVE-2023-29015
Published 2023-04-06
Priority: P4, 26 · Severity: medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.44% (35.4th percentile)
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intranda | goobi-viewer-core | < 23.03 | 23.03 |
| intranda | goobi_viewer_core | < 23.03 | 23.03 |
GHSA
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments
ghsa·2023-04-07
CVE-2023-29015 [MEDIUM] CWE-79 Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments
### Impact
A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment.
### Patches
The vulnerability has been fixed in version 23.03.
If you have any questions or comments about this advisory:
* Email us at [[email protected]](mailto:[email protected])
OSV
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments
osv·2023-04-07
CVE-2023-29015 [MEDIUM] Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments
* https://github.com/intranda/goobi-viewer-core/commit/f0ccde2d469efd9597c3062d00177a63341f2256
* https://github.com/intranda/goobi-viewer-core/security/advisories/GHSA-622w-995c-3c3h