497 matches found
CVE-2025-21621
CVE-2025-21621 affects GeoServer prior to version 2.25.0, with a reflected XSS vulnerability in the WMS GetFeatureInfo HTML output format. This could enable arbitrary JavaScript execution in a victim’s browser via specially crafted SLD_BODY parameters. The issue has been patched in 2.25.0. Exploi...
CVE-2025-21621 GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
CVE-2025-58360
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
EUVD-2025-199606
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
CVE-2025-58360
CVE-2025-58360: GeoServer contains an XML External Entity (XXE) vulnerability in the GetMap operation (/geoserver/wms). The issue arises from insufficient XML input sanitization, allowing external entities to be defined in requests. Affected: GeoServer versions 2.26.0–2.26.1 and 2.25.0–2.25.5 (i...
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
Description: An XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML...
GHSA-FJF5-XGMQ-5525 GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
Description: An XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML...
GHSA-W66H-J855-QR72 GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format
Summary: A reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLD_BODY parameters. Details: The WMS service setting that controls HTML...
PT-2025-48090
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
GeoServer Code Issue Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer versions 2.26.0 through prior to 2.26.2 and prior to 2.25.6, which stems from insufficiently cleaned or restricted X...
GeoServer Cross-Site Scripting Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A cross-site scripting vulnerability exists in GeoServer versions prior to 2.25.0, which stems from the presence of reflected cross-site scripting in the WMS...
PT-2025-48086
Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.26.0 through 2.26.1 and versions prior to 2.25.6 Description: GeoServer is an open-source server for sharing and editing geospatial data. A vulnerability exists due to improper restriction of XML external entity reference...
Exploit for Code Injection in Geoserver
CVE-2024-36401 GeoServer Exploit Tool Vulnerability Descri...
EUVD-2024-0889
Malicious code in bioql PyPI...
EUVD-2024-26218
Malicious code in bioql PyPI...
EUVD-2022-3188
Malicious code in bioql PyPI...
EUVD-2025-17669
Malicious code in bioql PyPI...