UBUNTU-CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVE-2026-42030

Technical details about CVE-2026-42030 are not publicly provided in the supplied documents. Monitor for updates from MapServer advisories and the CVE entry.

CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

Linux Distros Unpatched Vulnerability : CVE-2026-42030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS serv...

PT-2026-39152

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

Mapserver 安全漏洞

Mapserver is an open-source platform developed by the Open Geospatial Foundation, designed for publishing spatial data and interactive map applications to the web. Vulnerabilities existed in MapServer versions from 6.0 to 8.6.2. These vulnerabilities stemmed from the combination of the...

Fedora 44 : mapserver (2026-b5a2da2c73)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b5a2da2c73 advisory. Update to mapserver 8.6.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...

[SECURITY] Fedora 44 Update: mapserver-8.6.1-1.fc44

MapServer is an Open Source platform for publishing spatial data and interactive mapping applications to the web...

Debian dla-4537 : cgi-mapserver - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4537 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4537-1 [email protected] https://www.debian.org/lts/security/...

[SECURITY] [DLA 4537-1] mapserver security update

Debian LTS Advisory DLA-4537-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin April 17, 2026 https://wiki.debian.org/LTS Package : mapserver Version : 7.6.2-1+deb11u2 CVE ID : CVE-2026-33721 A heap-buffer-overflow was found in mapserver, a CGI-based framework for...

Linux Distros Unpatched Vulnerability : CVE-2026-30479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

CVE-2026-30479

A flaw was found in MapServer. This Dynamic-link Library DLL Injection vulnerability allows attackers to execute arbitrary code. The flaw can be exploited by providing a specially crafted executable, potentially leading to unauthorized control over the affected system...

CVE-2026-30478

A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable...

openSUSE 16 Security Update : mapserver (openSUSE-SU-2026:20476-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20476-1 advisory. Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo...

EUVD-2026-20960

A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable...

EUVD-2026-20932

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

CVE-2026-30478

A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable...