499 matches found
CVE-2024-23819 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23819 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23819
GeoServer has a stored Cross-Site Scripting (XSS) vulnerability in the MapML HTML Page. An authenticated administrator with workspace‑level privileges can store a JavaScript payload in the GeoServer catalog, which executes in another user’s browser when the MapML HTML Page is viewed. The MapML ex...
CVE-2024-23819 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23818
GeoServer’s WMS OpenLayers Format has a stored XSS vulnerability that can be triggered by an authenticated administrator with workspace privileges to store a JavaScript payload in the GeoServer catalog, executed in another user’s browser when rendering WMS GetMap. Affected are versions prior to 2...
CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23643 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23643 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23643
GeoServer contains a stored XSS vulnerability (CVE-2024-23643) in the GWC Seed Form. A authenticated administrator with workspace-level privileges can store a JavaScript payload in the GeoServer catalog, which then executes in another administrator’s browser when the GWC Seed Form is viewed. Affe...
CVE-2024-23643 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23642 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23642
GeoServer stores a Stored Cross-Site Scripting (XSS) vulnerability in the Simple SVG Renderer. The issue affects versions prior to 2.23.4 and 2.24.1, where an authenticated administrator with workspace‑level privileges can store a JavaScript payload in the GeoServer catalog that executes in anoth...
CVE-2024-23642 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23642 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23640
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23634
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
CVE-2023-51445
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23640 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...