THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-rwcv-whm8-fmxm (medium) — GeoNode: Stored XSS to full account takeover

[GHSA] GHSA-rwcv-whm8-fmxm (medium) — GeoNode: Stored XSS to full account takeover

medgithub_advisoriesPublished 2026-07-13

GHSA-rwcv-whm8-fmxm Severity: medium CVE: CVE-2024-27091

GeoNode: Stored XSS to full account takeover

An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the

Indicators of compromise

Original source: https://github.com/advisories/GHSA-rwcv-whm8-fmxm