CVE-2023-29015 MEDIUM

CVE-2023-29015: Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

Vendor Intranda
Product goobi-viewer-core
Weakness CWE-79 · XSS
Published April 6, 2023
Last update February 10, 2025
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.

Key dates

02Disclosure timeline

April 6, 2023 CVE published
February 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-30214 Cross-Site Scripting (XSS) vulnerability in SAP Business Connector CVE-2025-32602 WordPress WooMS Plugin <= 9.12 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2020-9055 Versiant Lynx Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow an attacker to execute arbitrary JavaScript CVE-2025-46448 WordPress Document Management System plugin <= 1.24 - Cross Site Scripting (XSS) Vulnerability CVE-2020-8031 obs: Stored XSS