mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-05 18:27:13 +00:00
Geowebserver 5.3.3 Arbitrary File Read
GEOVISION GEOWEBSERVER versions below 5.3.3 are vulnerable to several XSS, HTML injection, local file inclusion, XML injection, and code execution vectors. The application fails to properly sanitize user requests. This allows injection of HTML code and XSS, and client-side exploitation, including session theft.
FOFA query rule: app="Geowebserver"