CVE-2023-29014 MEDIUM

CVE-2023-29014: Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter

Vendor Intranda
Product goobi-viewer-core
Weakness CWE-79 · XSS
Published April 6, 2023
Last update February 10, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser. The vulnerability has been fixed in version 23.03.

Key dates

02Disclosure timeline

April 6, 2023 CVE published
February 10, 2025 Record updated

Related vulnerabilities

04Related CVE