Tag
#xss
### Impact A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. ### Patches The vulnerability has been fixed in version 23.03 If you have any questions or comments about this advisory: * Email us at [support@intranda.com](mailto:support@intranda.com)
### Impact A cross-site scripting vulnerability has been identified in Goobi viewer core when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain pages. ### Patches The vulnerability has been fixed in version 23.03 If you have any questions or comments about this advisory: * Email us at [support@intranda.com](mailto:support@intranda.com)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions.
Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions.
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.
Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.