cbcvebase.

Intranda Goobi-Viewer-Core vulnerabilities

5 known vulnerabilities affecting intranda/goobi-viewer-core.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2026-45083P2CRITICALCVSS 9.8v>= 4.8.0, < 26.04.12026-05-27
CVE-2026-45083 [CRITICAL] CWE-306 CVE-2026-45083: The Goobi viewer is a web application that allows digitised material to be displayed in a web browse The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attack
nvd
CVE-2020-15124P4MEDIUMCVSS 6.5fixed in 4.8.32020-07-22
CVE-2020-15124 [MEDIUM] CWE-22 CVE-2020-15124: In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows for remote attacker In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows for remote attackers to access files on the server via the application. This is limited to files accessible to the application server user, eg. tomcat, but can potentially lead to the disclosure of sensitive information. The vulnerability has been fixed in version 4.8.3
nvd
CVE-2023-29016P4MEDIUMCVSS 6.1fixed in 23.032023-04-06
CVE-2023-29016 [MEDIUM] CWE-79 CVE-2023-29016: The Goobi viewer is a web application that allows digitised material to be displayed in a web browse The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution
nvd
CVE-2023-29015P4MEDIUMCVSS 6.1fixed in 23.032023-04-06
CVE-2023-29015 [MEDIUM] CWE-79 CVE-2023-29015: The Goobi viewer is a web application that allows digitised material to be displayed in a web browse The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's
nvd
CVE-2023-29014P4MEDIUMCVSS 6.1fixed in 23.032023-04-06
CVE-2023-29014 [MEDIUM] CWE-79 CVE-2023-29014: The Goobi viewer is a web application that allows digitised material to be displayed in a web browse The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation
nvd
Intranda Goobi-Viewer-Core vulnerabilities | cvebase