Skip to content

Cross-Site Scripting Vulnerability in User Nicknames

Moderate
mgeerdsen published GHSA-2r9r-8fcg-m38g Apr 6, 2023

Package

maven io.goobi.viewer.viewer-core (Maven)

Affected versions

<23.03

Patched versions

23.03

Description

Impact

A cross-site scripting vulnerability has been identified in Goobi viewer core when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain pages.

Patches

The vulnerability has been fixed in version 23.03

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2023-29016

Weaknesses

No CWEs