cvedb.io
CVE-2023-29015
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2023-04-06T20:15:08.613 · Last modified 2026-06-17T05:49:11.650

Summary

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.

Affected products

intranda — goobi_viewer_core

Does this affect you?

Add your gear to cvedb and we'll alert you only when intranda ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.