18 matches found
EUVD-2025-17668
Malicious code in bioql PyPI...
CVE-2024-23643
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
GeoServer < 2.23.4 Multiple Vulnerabilities
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file upload vulnerability in REST Coverage Store API - A Stored Cross-Site Scripting (XSS) vulnerabilit...
GeoServer 2.24.0 < 2.24.1 Multiple Vulnerabilities
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file upload vulnerability in REST Coverage Store API - A Stored Cross-Site Scripting (XSS) vulnerabilit...
CVE-2024-23821
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23643
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23821
GeoServer exposes a stored XSS in the GWC Demos Page. Affected: GeoServer with GWC Demos Page accessible to all users; vulnerability requires an authenticated administrator with workspace‑level privileges to store a JavaScript payload in the GeoServer catalog, which then executes in another user’...
CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23643 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23643 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23643 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Summary: A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to...
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
Summary: A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form...
PT-2024-19994 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.2 and 2.24.1. Description: A stored cross-site scripting (XSS) issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...
GeoServer GeoWebCache Security Vulnerability
GeoWebCache is a Java Web application for caching map slices from various sources, such as the OGC Web Map Service (WMS). A security vulnerability exists in GeoServer GeoWebCache version 1.15.1 and earlier, which stems from an unauthorized access vulnerability in the /geoserver/gwc/rest.html page...
GWC CMS 1.0 SQL Injection Exploit
Exploit for php platform in category web applications Exploit Title: GWC CMS SQL Injection Vulnerability Exploit Author: nopesled Google Dork: "inurl:?langid=1 inurl:topmenuid=" Date: 08/07/2015 Version: 1.0 Tested on: Linux !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwGET; prin...
GWC CMS 1.0 SQL Injection
Exploit Title: GWC CMS SQL Injection Vulnerability Exploit Author: nopesled Google Dork: "inurl:?langid=1 inurl:topmenuid=" Date: 08/07/2015 Version: 1.0 Tested on: Linux !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwGET; print " == Exploit by nopesled == \n"; if @ARGV new;...