VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.geoserver:gs-wms

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2025-58360 unknown 1.5 6mo ago OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation… java
CVE-2024-36401 unknown 1.5 2y ago OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unau… java
CVE-2025-21621 unknown 6mo ago GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format java
CVE-2025-30145 unknown 1y ago GeoServer Infinite Loop Vulnerability in Jiffle process java
CVE-2024-23818 unknown 2y ago GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) java
CVE-2024-23642 unknown 2y ago GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) java
CVE-2023-41339 unknown 3y ago Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF java
CVE-2023-35042 unknown 3y ago GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language java