CVE-2007-4542 — Cross-site Scripting in Mapserver

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Osgeo Mapserver Debian Mapserver University OF Minnesota Mapserver

Timeline

PublishedAug 27

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/mapserver< mapserver 4.10.3-1 (bookworm)

▶Debianosgeo/mapserver< 4.10.3-1+3

▶NVDuniversity_of_minnesota/mapserver4.10.3

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-h6vv-phq2-pfpp: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4↗2022-05-01

▶

OSV

CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4↗2007-08-27

▶

📋Vendor Advisories

Debian

CVE-2007-4542: mapserver - Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 a...↗2007

▶

💬Community

Bugzilla

CVE-2007-4542 Multiple XSS vulnerabilities in mapserver's CGI interface↗2007-08-27

▶