Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02MjJ3LTk5NWMtM2MzaM4AAyoM
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments
Impact
A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment.
Patches
The vulnerability has been fixed in version 23.03
If you have any questions or comments about this advisory:
- Email us at [email protected]
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02MjJ3LTk5NWMtM2MzaM4AAyoM
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Percentage: 0.00086
EPSS Percentile: 0.37595
Identifiers: GHSA-622w-995c-3c3h, CVE-2023-29015
References:
- https://github.com/intranda/goobi-viewer-core/security/advisories/GHSA-622w-995c-3c3h
- https://nvd.nist.gov/vuln/detail/CVE-2023-29015
- https://github.com/intranda/goobi-viewer-core/commit/f0ccde2d469efd9597c3062d00177a63341f2256
- https://github.com/advisories/GHSA-622w-995c-3c3h
Blast Radius: 1.0
Affected Packages
maven:io.goobi.viewer:viewer-core
Affected Version Ranges: < 23.03Fixed in: 23.03