Описание
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 23.03 (исключая)
cpe:2.3:a:intranda:goobi_viewer_core:*:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00878
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 3 года назад
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments
EPSS
Процентиль: 75%
0.00878
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79