XSS in Mapfish Print relating to JSONP support

Low severity • GitHub Reviewed • Published Jul 6, 2020 in mapfish/mapfish-print • Updated Jan 9, 2023

Package: org.mapfish.print:print-lib (Maven)
Affected versions: < 3.24
Patched versions: 3.24

Package: org.mapfish.print:print-servlet (Maven)
Affected versions: < 3.24
Patched versions: 3.24

Package: org.mapfish.print:print-standalone (Maven)
Affected versions: < 3.24
Patched versions: 3.24

Description

Impact

A user can use the JSONP support to perform cross-site scripting (XSS).

Patches

Use version >= 3.24

Workarounds

No

References

For more information

If you have any questions or comments about this advisory, comment on the pull request: mapfish/mapfish-print#1397

References

@sbrunner published to mapfish/mapfish-print Jul 6, 2020
Reviewed Jul 7, 2020
Published to the GitHub Advisory Database Jul 7, 2020
Last updated Jan 9, 2023

Severity

Low

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(32nd percentile)

Weaknesses

CVE ID

CVE-2020-15231

GHSA ID

GHSA-w534-q4xf-h5v2

Source code

No known source code