The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.goobi.viewer:viewer-core(Maven) | 0 | 23.03 | N/A |
CVSS Metrics
