Skip to content

XSS in Mapfish Print relating to JSONP support

Low severity GitHub Reviewed Published Jul 6, 2020 in mapfish/mapfish-print • Updated Jan 9, 2023

Package

maven org.mapfish.print:print-lib (Maven)

Affected versions

< 3.24

Patched versions

3.24
maven org.mapfish.print:print-servlet (Maven)
< 3.24
3.24
maven org.mapfish.print:print-standalone (Maven)
< 3.24
3.24

Description

Impact

A user can use the JSONP support to do a Cross-site scripting.

Patches

Use version >= 3.24

Workarounds

No

References

For more information

If you have any questions or comments about this advisory Comment the pull request: mapfish/mapfish-print#1397

References

@sbrunner sbrunner published to mapfish/mapfish-print Jul 6, 2020
Reviewed Jul 7, 2020
Published to the GitHub Advisory Database Jul 7, 2020
Last updated Jan 9, 2023

Severity

Low

EPSS score

0.066%
(31st percentile)

Weaknesses

CVE ID

CVE-2020-15231

GHSA ID

GHSA-w534-q4xf-h5v2

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.