Описание
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser. The vulnerability has been fixed in version 23.03.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 23.03 (исключая)
cpe:2.3:a:intranda:goobi_viewer_core:*:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00878
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 3 года назад
Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter
EPSS
Процентиль: 75%
0.00878
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79