CVE-2023-51445

Summary

CVE-2023-51445 is a stored cross-site scripting (XSS) vulnerability affecting versions prior to 2.23.3 and 2.24.0 of GeoServer, an open-source geospatial software server. This issue allows an authenticated administrator with workspace-level privileges to inject malicious JavaScript code into uploaded style/legend resources. When viewed through the REST Resources API, this code will execute in another administrator's browser, potentially leading to unauthorized access and data theft. The REST Resources API access is restricted to full administrators by default, and granting access to non-administrators should be done with caution due to potential security risks. Versions 2.23.3 and 2.24.0 contain patches to remediate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.