Maven package
io.goobi.viewer/viewer-core
pkg:maven/io.goobi.viewer/viewer-core
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-45083 | Cri | 9.8 | >= 4.8.0, <= 26.04 | — | May 27, 2026 | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and f | |
| CVE-2023-29016 | — | < 23.03 | 23.03 | Apr 6, 2023 | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter mali | ||
| CVE-2023-29015 | — | < 23.03 | 23.03 | Apr 6, 2023 | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted co | ||
| CVE-2023-29014 | — | < 23.03 | 23.03 | Apr 6, 2023 | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a use |
- affected >= 4.8.0, <= 26.04
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and f
- CVE-2023-29016Apr 6, 2023affected < 23.03fixed 23.03
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter mali
- CVE-2023-29015Apr 6, 2023affected < 23.03fixed 23.03
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted co
- CVE-2023-29014Apr 6, 2023affected < 23.03fixed 23.03
The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a use