34 matches found
CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
CVE-2025-25189
CVE-2025-25189 describes a reflected cross-site scripting vulnerability in the ZOO-Project Web Processing Service (WPS) publish.py CGI script, prior to commit 7a5ae1a. The issue stems from the script reflecting the user-supplied jobid parameter into the HTML response without HTML encoding or sani...
CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
ZOO-Project 跨站脚本漏洞
ZOO-Project is an open source processing platform from ZOO-Project Open Source. A cross-site scripting vulnerability exists in ZOO-Project that stems from the EchoProcess service failing to perform proper security checks on SVG content when processing user input...
PT-2025-6112 · Unknown · Zoo-Project
Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The issue is related to a reflected Cross-Site Scripting vulnerability in the ZOO-Project Web Processing Service WPS publish.py CGI script. This vulnerability occurs because the script...
ZOO-Project 跨站脚本漏洞
ZOO-Project is an open source processing platform from ZOO-Project Open Source. ZOO-Project suffers from a cross-site scripting vulnerability that stems from the publish.py CGI script reflecting user input for the jobid parameter directly into the HTTP response without HTML coding or cleanup...
PT-2025-6113 · Unknown · Zoo-Project
Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service. The vulnerability exists because the EchoProcess service...
CVE-2024-53982
ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...
CVE-2024-53982 Arbitrary file download in Zoo-Project Echo Example
ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...
CVE-2024-53982
CVE-2024-53982 affects the Zoo-Project WPS implementation, specifically the Echo example. The vulnerability arises from lack of input validation in a file-caching parameter, enabling an attacker to fully control the file returned in the response (path traversal). A patch was committed on 2024-11-...
CVE-2024-53982 Arbitrary file download in Zoo-Project Echo Example
ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...
CVE-2024-53982 Arbitrary file download in Zoo-Project Echo Example
ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...
ZOO-Project 代码问题漏洞
ZOO-Project is an open source processing platform from ZOO-Project Open Source. A code issue vulnerability exists in ZOO-Project that stems from not performing input validation and a path traversal vulnerability that allows an attacker to take full control of the files returned in a response...