Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames
Vulnerability Description
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Intranda Goobi Viewer Core 跨站脚本漏洞
Vulnerability Description
Intranda Goobi Viewer Core是德国Intranda公司的一套基于Web的数字图书馆系统。 Intranda Goobi Viewer Core 23.03之前版本存在跨站脚本漏洞,该漏洞源于存在跨站脚本(XSS)漏洞。攻击者可利用该漏洞创建一个用户并将恶意脚本嵌入个人资料的昵称中,从而在用户浏览器中执行恶意脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A