Description
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, causing the scripts to execute in the user's browser when the nickname is displayed on certain pages. The vulnerability has been fixed in version 23.03.
References
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 23.03 (excluding)
cpe:2.3:a:intranda:goobi_viewer_core:*:*:*:*:*:*:*:*
EPSS
Percentile: 75%
0.00878
Low
CVSS3: 6.1 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.1
github
almost 3 years ago
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames