CVSS: 10.0EPSS: 94%CPEs: 6EXPL: 24CVE-2024-36401 – OSGeo GeoServer GeoTools Eval Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-36401
01 Jul 2024 — GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-j... • https://packetstorm.news/files/id/179547 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24749 – Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
https://notcve.org/view.php?id=CVE-2024-24749
01 Jul 2024 — GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is also deployed as a web archive using the data directory embedded in the `geoserver.war` file (r... • https://github.com/GeoWebCache/geowebcache/commit/c7f76bd8a1d67c3b986146e7a5e0b14dd64a8fef • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23821 – GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-23821
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security ... • https://github.com/GeoWebCache/geowebcache/issues/1171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23819 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
https://notcve.org/view.php?id=CVE-2024-23819
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is av... • https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23818 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format
https://notcve.org/view.php?id=CVE-2024-23818
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all u... • https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23643 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form
https://notcve.org/view.php?id=CVE-2024-23643
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by defau... • https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23642 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer
https://notcve.org/view.php?id=CVE-2024-23642
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Fo... • https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23640 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher
https://notcve.org/view.php?id=CVE-2024-23640
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publis... • https://github.com/geoserver/geoserver/pull/7162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23634 – GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
https://notcve.org/view.php?id=CVE-2024-23634
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before ... • https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772 • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51445 – GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API
https://notcve.org/view.php?id=CVE-2023-51445
20 Mar 2024 — GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full adm... • https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •