PT-2024-20103 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.4 and 2.24.1 Description: A stored cross-site scripting XSS vulnerability exists in GeoServer that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the...

lotfian-sqlxss.txt

Aria-Security Team http://Aria-Security.Net ---------------------------------------- Lotfian Brochure and cataloge Script XSS And SQL Injection Original Advisory @ http://aria-security.net/forum/showthread.php?p=1135 Username/Password Field can run SQL Queries, For Example I got these:...