497 matches found
CVE-2025-66168 vulnerabilities
Vulnerabilities for packages: geoserver...
CVE-2020-11971 vulnerabilities
Vulnerabilities for packages: geoserver...
GHSA-C825-6PH3-4H84 vulnerabilities
Vulnerabilities for packages: geoserver...
CVE-2023-43795
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
Exploit for Improper Restriction of XML External Entity Reference in Geoserver
During my geoserver analysis I found another way to attack una...
GeoServer WMS GetMap XXE Arbitrary File Read
This module exploits an XML External Entity XXE vulnerability in GeoServer via the WMS GetMap operation. The vulnerability allows reading arbitrary files from the server's file system by injecting an XXE entity in the SLD Styled Layer Descriptor. Affected versions: - GeoServer = 2.26.0, use...
XML External Entity (XXE)
GeoServer is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of XML entity resolution in schema parsing, which allows an attacker to exploit external entity references to access sensitive data or perform unauthorized actions...
Exploit for Improper Restriction of XML External Entity Reference in Geoserver
CVE-2025-58360: GeoServer XXE Lab Unauthenticated XML Ext...
Vulnerability fixed in GeoServer
OSGeo has fixed a vulnerability in GeoServer. The vulnerability is in the way GeoServer processes XML input, specifically via the /geoserver/wms GetMap operation. Improper sanitization of XML input allows attackers to disclose sensitive files or conduct denial-of-service attacks using custom XML...
Exploit for Improper Restriction of XML External Entity Reference in Geoserver
CVE-ID How does this detection method work? How do...
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-58360 CVSS...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-58360 OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability This type of vulnerability is a frequent attack...
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability
OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request...
VulnCheck KEV: CVE-2025-58360
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
CVE-2025-21621
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
CVE-2025-58360
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
CVE-2025-21621 GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
CVE-2025-21621
CVE-2025-21621 affects GeoServer prior to version 2.25.0, with a reflected XSS vulnerability in the WMS GetFeatureInfo HTML output format. This could enable arbitrary JavaScript execution in a victim’s browser via specially crafted SLD_BODY parameters. The issue has been patched in 2.25.0. Exploi...