VYPR

Maven package

org.geoserver/gs-wms

pkg:maven/org.geoserver/gs-wms

Vulnerabilities (8)

  • CVE-2025-21621 | Nov 25, 2025
    affected < 2.25.0 | fixed 2.25.0

    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript

  • CVE-2025-58360 | KEV | Nov 25, 2025
    affected >= 2.26.0, < 2.26.2 | fixed 2.26.2

    GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms

  • CVE-2025-30145 | Jun 10, 2025
    affected >= 2.26.0, < 2.26.3 | fixed 2.26.3

    GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of serv

  • CVE-2024-36401 | KEV | Jul 1, 2024
    affected >= 2.24.0, < 2.24.4 | fixed 2.24.4

    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a defau

  • CVE-2024-23818 | Mar 20, 2024
    affected < 2.23.3 | fixed 2.23.3

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privil

  • CVE-2024-23642 | Mar 20, 2024
    affected < 2.23.4 | fixed 2.23.4

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privil

  • CVE-2023-41339 | Oct 24, 2023
    affected < 2.22.5 | fixed 2.22.5

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the

  • CVE-2023-35042 | Jun 12, 2023
    affected < 2.18.6 | fixed 2.18.6

    GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in