cvedb.io
CVE-2023-29014
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2023-04-06T20:15:08.557 · Last modified 2026-06-17T05:49:11.523

Summary

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser. The vulnerability has been fixed in version 23.03.

Affected products

intranda — goobi_viewer_core

Does this affect you?

Add your gear to cvedb and we'll alert you only when intranda ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.