THREAT OPS › Threat News › [GHSA] GHSA-rwcv-whm8-fmxm (medium) — GeoNode: Stored XSS to full account takeover
[GHSA] GHSA-rwcv-whm8-fmxm (medium) — GeoNode: Stored XSS to full account takeover
GHSA-rwcv-whm8-fmxm Severity: medium CVE: CVE-2024-27091
GeoNode: Stored XSS to full account takeover
An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the
Indicators of compromise
- CVE-2024-27091cve
Original source: https://github.com/advisories/GHSA-rwcv-whm8-fmxm