Security Advisory

CVE-2023-29014

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-04-06 19:03:19
Last updated 2025-02-10 16:12:23
Assigner GitHub_M
State PUBLISHED

Description

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the users browser. The vulnerability has been fixed in version 23.03.