497 matches found
CVE-2024-23640 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
CVE-2024-23634
CVE-2024-23634 (GeoServer) affects GeoServer versions prior to 2.23.5 and 2.24.2. An authenticated administrator with REST Coverage/Data Store API file-store permissions can rename arbitrary files/directories to names not ending in .zip. External uploads are particularly susceptible, risking deni...
CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to...
GHSA-7X76-57FR-M5R5 GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapM...
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapM...
GHSA-FCPM-HCHJ-MH72 GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers...
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers...
CVE-2023-41877
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...
CVE-2023-51444
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the...
CVE-2023-51445
GeoServer’s CVE-2023-51445 is a stored XSS in the REST Resources API. Affected versions prior to 2.23.3 and 2.24.0 allow an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources, which will execute in another administrator’s b...
CVE-2023-51445 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2023-51445 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2023-51445 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...
GHSA-56R3-F536-5GF7 GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form...
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form...
GHSA-FG9V-56HW-G525 GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output...
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output...