Home > Vulnerability Database > CVE-2024-27091

Mend.io Vulnerability Database

CVE-2024-27091

Good to know:

Date: March 27, 2024

GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3.

Language: Python

Severity Score

6.1

Related Resources (4)

Url: https://github.com/GeoNode/geonode/commit/e53bdeff331f4b577918927d60477d4b50cca02f

Url: https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27091

Url: https://www.mend.io/vulnerability-database/CVE-2024-27091

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version geonode - 4.2.3

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27091

Good to know:

Date: March 27, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?