Lucene search

GitHub Advisory DatabaseGHSA-622W-995C-3C3H

HistoryApr 07, 2023 - 7:22 p.m.

Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

2023-04-0719:22:38

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

user comments

security advisory

goobi viewer core

version 23.03

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

Impact

A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user’s browser when displaying the comment.

Patches

The vulnerability has been fixed in version 23.03

If you have any questions or comments about this advisory:

Email us at [email protected]

Affected configurations

Vulners

Node

io.goobi.viewer\viewerMatchcore

CPENameOperatorVersion
io.goobi.viewer:viewer-corelt23.03

CPE	Name	Operator	Version
	io.goobi.viewer:viewer-core	lt	23.03

References

github.com/advisories/GHSA-622w-995c-3c3h

github.com/intranda/goobi-viewer-core/commit/f0ccde2d469efd9597c3062d00177a63341f2256

github.com/intranda/goobi-viewer-core/security/advisories/GHSA-622w-995c-3c3h

nvd.nist.gov/vuln/detail/CVE-2023-29015

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for GHSA-622W-995C-3C3H