[MAVEN:GHSA-7X76-57FR-M5R5] GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)

Severity Moderate

Affected Packages 2

Fixed Packages 2

CVEs 1

Summary

A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users' ability to trigger the XSS.

Impact

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:

1 .Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

References

https://osgeo-org.atlassian.net/browse/GEOS-11154
https://github.com/geoserver/geoserver/pull/7175

Package	Affected Version
pkg:maven/org.geoserver.extension/gs-mapml	>= 2.24.0, < 2.24.1
pkg:maven/org.geoserver.extension/gs-mapml	< 2.23.4

Package	Fixed Version
pkg:maven/org.geoserver.extension/gs-mapml	= 2.24.1
pkg:maven/org.geoserver.extension/gs-mapml	= 2.23.4

ID: MAVEN:GHSA-7X76-57FR-M5R5
Severity: moderate
URL: https://github.com/advisories/GHSA-7x76-57fr-m5r5
Published: 2024-03-20T15:16:53
(6 months ago)
Modified: 2024-03-20T21:03:48
(6 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5
			https://github.com/geoserver/geoserver/pull/7175
			https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef
			https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1
			https://osgeo-org.atlassian.net/browse/GEOS-11154
			https://nvd.nist.gov/vuln/detail/CVE-2024-23819
			https://github.com/advisories/GHSA-7x76-57fr-m5r5

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.geoserver.extension/gs-mapml	org.geoserver.extension	gs-mapml	>= 2.24.0 < 2.24.1
Fixed	pkg:maven/org.geoserver.extension/gs-mapml	org.geoserver.extension	gs-mapml	= 2.24.1
Affected	pkg:maven/org.geoserver.extension/gs-mapml	org.geoserver.extension	gs-mapml	< 2.23.4
Fixed	pkg:maven/org.geoserver.extension/gs-mapml	org.geoserver.extension	gs-mapml	= 2.23.4

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date