Description
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLD_BODY parameters. This issue has been patched in version 2.25.0.
Remediation
References