9 matches found
Cross site scripting
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...
Cross site scripting
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts int...
CVE-2023-29016 Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts int...
CVE-2023-29016 Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts int...
CVE-2023-29016
Goobi viewer core is affected by a cross-site scripting (XSS) vulnerability in user nicknames. An attacker could create a user account and inject malicious scripts into the nickname, leading to script execution in the user’s browser on pages that display nicknames. The issue is fixed in version 2...
CVE-2023-29015
Goobi Viewer Core has a cross-site scripting (XSS) vulnerability in the user comments feature prior to version 23.03. The issue allows an attacker to craft a comment that executes malicious script in a user’s browser when the comment is displayed. The vulnerability has been fixed in version 23.03...
CVE-2023-29015 Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...
CVE-2023-29014 Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following ...
CVE-2023-29014
CVE-2023-29014 describes a reflected cross-site scripting vulnerability in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could lure a user to a crafted link, causing malicious script execution in the browser. Multiple connected records confirm the issue...