CVE-2023-29014

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-29014

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29014.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-29014

Aliases

GHSA-7v7g-9vx6-vcg2

Published

2023-04-06T20:15:08Z

Modified

2024-05-14T12:52:04.320093Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser. The vulnerability has been fixed in version 23.03.

References

Affected packages

Git / github.com/intranda/goobi-viewer-core

Affected ranges

Type: GIT
Repo: https://github.com/intranda/goobi-viewer-core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c29efe60e745a94d03debc17681c4950f3917455

Affected versions

v21.*

v21.01

v21.01.1

v21.01.2

v21.01.3

v21.01.4

v21.01.5

v21.02

v21.02.1

v21.02.2

v21.02.3

v21.02.4

v21.03

v21.03.1

v21.03.2

v21.03.3

v21.04

v21.04.1

v21.04.2

v21.04.3

v21.04.4

v21.04.5

v21.05

v21.05.1

v21.05.2

v21.06

v21.06.1

v21.06.2

v21.06.3

v21.06.4

v21.06.5

v21.06.6

v21.06.7

v21.06.8

v21.07

v21.07.1

v21.07.2

v21.08

v21.08.1

v21.08.2

v21.08.3

v21.08.4

v21.08.5

v21.08.6

v21.08.7

v21.08.8

v21.08.9

v21.09

v21.09.1

v21.09.2

v21.09.3

v21.09.4

v21.10

v21.10.1

v21.10.2

v21.10.3

v21.10.4

v21.10.5

v21.11

v21.11.1

v21.11.2

v21.11.3

v21.11.4

v21.11.5

v21.11.6

v21.12

v22.*

v22.01

v22.01.1

v22.01.2

v22.01.3

v22.02

v22.02.1

v22.02.2

v22.02.3

v22.03

v22.03.1

v22.05

v22.05.1

v22.06

v22.06.1

v22.06.2

v22.06.3

v22.06.4

v22.07

v22.08

v22.08.1

v22.08.2

v22.08.3

v22.08.4

v22.09

v22.10

v22.10.1

v22.10.2

v22.10.3

v22.10.4

v22.10.5

v22.11

v22.11.1

v22.12

v23.*

v23.01

v23.01.1

v3.*

v3.4.10

v3.4.2

v3.4.7

v3.4.8

v3.4.9

v4.*

v4.10.0

v4.10.1

v4.10.3

v4.11.0

v4.11.1

v4.12.0

v4.12.1

v4.12.2

v4.13.0

v4.13.1

v4.3.0

v4.3.1

v4.3.2

v4.3.3

v4.3.5

v4.3.6

v4.3.7

v4.3.8

v4.4.0

v4.4.2

v4.5.0

v4.5.1

v4.6.0

v4.6.1

v4.6.2

v4.7.0

v4.7.1

v4.8.0

v4.8.1

v4.8.2

v4.8.3

v4.9.0

v4.9.1

v4.9.2