Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| geoserver | geoserver | affected |
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Geoserver | Geoserver | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-w66h-j855-qr72 | GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format |
Wed, 03 Dec 2025 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:* |
Thu, 27 Nov 2025 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Geoserver
Geoserver geoserver |
|
| Vendors & Products |
Geoserver
Geoserver geoserver |
Wed, 26 Nov 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 25 Nov 2025 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLD_BODY parameters. This issue has been patched in version 2.25.0. | |
| Title | GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-11-26T16:03:05.272Z
Reserved: 2024-12-29T03:00:24.714Z
Link: CVE-2025-21621
Vulnrichment
Updated: 2025-11-26T16:03:02.215Z
NVD
Status : Analyzed
Published: 2025-11-25T22:15:47.227
Modified: 2025-12-03T16:43:45.223
Link: CVE-2025-21621
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-11-27T16:25:59Z