Lucene search
China National Vulnerability DatabaseCNVD-2024-14578HistoryMar 22, 2024 - 12:00 a.m.
GeoServer Cross-Site Scripting Vulnerability
2024-03-2200:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
geoserver
cross-site scripting
vulnerability
java
geospatial data
filtering
escaping
user-supplied data
attacker
web script
html
payload
exploited
GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application’s lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| geoserver geoserver | lt | 2.23.4 | |
| geoserver geoserver | lt | 2.24.1 |
Related
cvelist
cvelist
osv
osv
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
2024-03-20 15:18:21
nvd
nvd
CVE-2024-23821
2024-03-20 18:15:10
github
github
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
2024-03-20 15:18:21
cve
cve
CVE-2024-23821
2024-03-20 18:15:10