Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-FCPM-HCHJ-MH72
HistoryMar 20, 2024 - 3:15 p.m.

GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)

2024-03-2015:15:17
CWE-79
GitHub Advisory Database
github.com
16
geoserver
wms
xss
openlayers
security
vulnerability
catalog
admin
workspace
javascript
payload
browser
data

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Summary

A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user’s browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users’ ability to trigger the XSS.

Impact

If an attacker can control a script that is executed in the victim’s browser, then they can typically fully compromise that user. Amongst other things, the attacker can:

1 .Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

References

https://osgeo-org.atlassian.net/browse/GEOS-11153
https://github.com/geoserver/geoserver/pull/7174

Affected configurations

Vulners
Node
org.geoserver\gsMatchwms
OR
org.geoserver\gsMatchwms

Related

cve 1
osv 2
nvd 1
cvelist 1
cve
cve
CVE-2024-23818
2024-03-20 18:15:09
osv
osv
CVE-2024-23818
2024-03-20 18:15:09
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
2024-03-20 15:15:17
nvd
nvd
CVE-2024-23818
2024-03-20 18:15:09
cvelist
cvelist
CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
2024-03-20 17:57:38

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON
Related for GHSA-FCPM-HCHJ-MH72
cve1osv2nvd1cvelist1