28 matches found

NVD
added 2024/03/20 6:15 p.m. · 11 views

CVE-2024-23642

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8 CVSS · 4.9 AI score · 0.00401 EPSS
Exploits 0 · References 5
Vulnrichment
added 2024/03/20 5:44 p.m. · 11 views

CVE-2024-23642 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8 CVSS · 5.5 AI score · 0.00401 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/03/20 12:00 a.m. · 3 views

PT-2024-19993 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.4 and 2.24.1. Description: A stored cross-site scripting (XSS) issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...

4.8 CVSS · 5.9 AI score · 0.00401 EPSS
Exploits 0 · References 12
Positive Technologies
added 2024/03/20 12:00 a.m. · 2 views

PT-2024-20099 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.3 and 2.24.1. Description: A stored cross-site scripting (XSS) issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...

4.8 CVSS · 5.9 AI score · 0.00452 EPSS
Exploits 0 · References 13
Vulnrichment
added 2023/10/24 8:15 p.m. · 15 views

CVE-2023-41339 Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...

8.6 CVSS · 6.9 AI score · 0.00179 EPSS
Exploits 0 · References 3
CVE
added 2023/10/24 8:15 p.m. · 116 views

CVE-2023-41339

GeoServer exposes a Server-Side Request Forgery (SSRF) risk via the dynamic styling parameter sld= in GetMap/GetLegendGraphic/GetFeatureInfo when URL checks are not configured. The vulnerability enables an attacker to cause the server to fetch external resources, potentially capturing NetNTLMv2 h...

8.6 CVSS · 6.8 AI score · 0.00179 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2021/08/30 4:15 a.m. · 2 views

CVE-2021-37749

MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 aka 16.6.2.66 allows blind SQL Injection via the Id within sourceItems parameter to the GetMap method...

9.8 CVSS · 5.8 AI score · 0.00675 EPSS
Exploits 1 · References 3
CNNVD
added 2021/08/30 12:00 a.m. · 0 views

Hexagon GeoMedia WebMap SQL injection vulnerability

Hexagon GeoMedia WebMap is a Web-based geospatial data visualization and analysis server product from Hexagon. A SQL injection vulnerability exists in MapService.svc in versions prior to Hexagon GeoMedia WebMap 2020 Update 2 16.6.2.66, which stems from a vulnerability in MapService.svc that allow...

10 CVSS · 8.5 AI score · 0.00675 EPSS
Exploits 1 · References 3