Injection: GeoVision Geowebserver \<= 5.3.3 - Local File Inclusion / Cross-Site Scripting¶

Identifier: geovision_geowebserver_lfi_xss

Scanner(s) Support¶

Description¶

GEOVISION GEOWEBSERVER \<= 5.3.3 is vulnerable to several XSS, HTML Injection, and Local File Include (LFI) vectors. The application fails to properly sanitize user requests, allowing injection of HTML code and XSS, as well as client-side exploitation, including session theft.

Reference:

• https://www.geovision.com.tw/cyber_security.php
• https://www.exploit-db.com/exploits/50211

Configuration¶

Example¶

Example configuration:

---
security_tests:
  geovision_geowebserver_lfi_xss:
    skip: false

Reference¶

skip¶

Type : boolean

Skip the test if true.