CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

RedhatCVE•added 2026/05/15 2:2 p.m.•6 views

CVE-2026-42030

A flaw was found in MapServer, a system for developing web-based Geographic Information System GIS applications. A reflected Cross-Site Scripting XSS vulnerability in MapServer's Web Map Service WMS server allows an unauthenticated attacker to inject arbitrary HTML or JavaScript code into the...

6.1CVSS5.9AI score0.00016EPSS

Exploits1References2

SUSE CVE•added 2026/05/10 1:6 a.m.•6 views

SUSE CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

6.1CVSS5.9AI score0.00016EPSS

Exploits1References3

NVD•added 2026/05/08 5:16 p.m.•8 views

CVE-2026-42030

6.1CVSS0.00016EPSS

Exploits1References2

OSV•added 2026/05/08 5:16 p.m.•4 views

UBUNTU-CVE-2026-42030

6.1CVSS5.9AI score0.00016EPSS

Exploits1References4

Cvelist•added 2026/05/08 3:56 p.m.•28 views

CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer

6.1CVSS0.00016EPSS

Exploits1References2

CVE•added 2026/05/08 3:56 p.m.•8 views

CVE-2026-42030

Technical details about CVE-2026-42030 are not publicly provided in the supplied documents. Monitor for updates from MapServer advisories and the CVE entry.

6.1CVSS5.9AI score0.00016EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/08 3:56 p.m.•6 views

EUVD-2026-28807

6.1CVSS5.9AI score0.00016EPSS

Exploits1References2

Vulnrichment•added 2026/05/08 3:56 p.m.•6 views

CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer

6.1CVSS5.9AI score0.00016EPSS

Exploits1References2

CNNVD•added 2026/05/08 12:0 a.m.•5 views

Mapserver 安全漏洞

Mapserver is an open-source platform developed by the Open Geospatial Foundation, designed for publishing spatial data and interactive map applications to the web. Vulnerabilities existed in MapServer versions from 6.0 to 8.6.2. These vulnerabilities stemmed from the combination of the...

6.1CVSS5.7AI score0.00016EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 8:40 a.m.•2 views

CVE-2024-23818

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8CVSS5.6AI score0.00452EPSS

Exploits0References1

Tenable Nessus•added 2024/12/10 12:0 a.m.•6 views

GeoServer < 2.23.4 Multiples Vulnerabilities

According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by Multiples Vulnerabilities : - An Arbitrary file upload vulnerability in REST Coverage Store API - A Stored Cross-Site Scripting XSS vulnerabilit...

7.2CVSS6AI score0.04719EPSS

Exploits1References12

NVD•added 2024/03/20 6:15 p.m.•6 views

CVE-2024-23818

4.8CVSS4.9AI score0.00452EPSS

Exploits0References5

OSV•added 2024/03/20 5:57 p.m.•13 views

CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format

4.8CVSS5.4AI score0.00452EPSS

Exploits0References7

Cvelist•added 2024/03/20 5:57 p.m.•13 views

CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format

4.8CVSS5.1AI score0.00452EPSS

Exploits0References5

Vulnrichment•added 2024/03/20 5:57 p.m.•15 views

CVE-2024-23818 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format

4.8CVSS5.5AI score0.00452EPSS

Exploits0References5

CVE•added 2024/03/20 5:57 p.m.•78 views

CVE-2024-23818

GeoServer’s WMS OpenLayers Format has a stored XSS vulnerability that can be triggered by an authenticated administrator with workspace privileges to store a JavaScript payload in the GeoServer catalog, executed in another user’s browser when rendering WMS GetMap. Affected are versions prior to 2...

4.8CVSS4.8AI score0.00452EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2024/03/20 3:15 p.m.•27 views

GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)

Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers...

4.8CVSS5.6AI score0.00452EPSS

Exploits0References7Affected Software1

OSV•added 2024/03/20 3:15 p.m.•12 views

GHSA-FCPM-HCHJ-MH72 GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)

4.8CVSS4.9AI score0.00452EPSS

Exploits0References7

Positive Technologies•added 2024/03/20 12:0 a.m.•2 views

PT-2024-20099 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.3 and 2.24.1 Description: A stored cross-site scripting XSS issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...

4.8CVSS5.9AI score0.00452EPSS

Exploits0References13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by