2023-04-06 19:03:23
GitHub_M
PUBLISHED
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the users browser when displaying the comment. The vulnerability has been fixed in version 23.03.