CNNVD-202511-2701 Information
CNNVD ID
CNNVD-202511-2701
Related CVE
-
CNNVD Published
2025-11-25
Description
GeoServer is an open-source server written in Java that allows users to share and edit geospatial data. Versions of GeoServer prior to 2.25.0 contain a cross-site scripting vulnerability: a reflected cross-site scripting flaw in the WMS GetFeatureInfo HTML output format may allow execution of arbitrary JavaScript code.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
GeoServer
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/geoserver/geoserver/commit/dc9ff1c726dd73c884437a123b4ad72b19383c7d
https://github.com/geoserver/geoserver/pull/7406
https://github.com/geoserver/geoserver/security/advisories/GHSA-w66h-j855-qr72
https://osgeo-org.atlassian.net/browse/GEOS-11297
https://access.redhat.com/security/cve/cve-2025-21621
Patch
https://github.com/geoserver/geoserver/releases