cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Osgeo (706646bf-cac0-5b16-9ff6-83d28fd0444b) |
|---|---|
| Product | Mapserver (fdf15dc6-4140-59d1-a297-792a1971f778) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/mapserver/mapserver | purl2cpe | 2026-06-01 10:12:15.956690 |
| pkg:rpm/fedora/mapserver | purl2cpe | 2026-06-01 10:12:15.956693 |
| pkg:rpm/opensuse/mapserver | purl2cpe | 2026-06-01 10:12:15.956696 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-42030 | vulnerable | 2026-06-08 08:03:15.866818 | MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer<br>MEDIUM (6.1)<br>MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The vulnerability is triggered via FORMAT=application/openlayers combined with an unsanitized SRS parameter in WMS 1.3.0 requests. This issue has been patched in version 8.6.2.<br>Published: 2026-05-08T15:56:48.553Z<br>Updated: 2026-05-08T21:26:45.294Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-33721 | vulnerable | 2026-06-08 07:59:10.651472 | MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing<br>MEDIUM (5.3)<br>MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue.<br>Published: 2026-03-27T00:15:00.360Z<br>Updated: 2026-04-17T17:18:03.353Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-32062 | vulnerable | 2026-06-08 05:31:54.667726 | MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).<br>Published: 2021-05-05T18:39:41.000Z<br>Updated: 2024-08-03T23:17:28.686Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-5522 | vulnerable | 2026-06-08 05:09:47.049508 | Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.<br>Published: 2017-03-15T16:00:00.000Z<br>Updated: 2024-08-05T15:04:14.804Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9839 | vulnerable | 2026-06-08 05:08:24.569638 | In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.<br>Published: 2016-12-08T08:08:00.000Z<br>Updated: 2024-08-06T02:59:03.697Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-7262 | vulnerable | 2026-06-08 05:05:08.872423 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2011-2975 | vulnerable | 2026-06-08 04:58:09.893046 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2011-2704 | vulnerable | 2026-06-08 04:58:08.489371 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2011-2703 | vulnerable | 2026-06-08 04:58:08.450336 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2010-2540 | vulnerable | 2026-06-08 04:55:08.609974 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2010-2539 | vulnerable | 2026-06-08 04:55:08.576042 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2010-1678 | vulnerable | 2026-06-08 04:54:09.901408 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |