DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2024-27091: CVE-2024-27091: Stored Cross-Site Scripting (XSS) to Account Takeover in GeoNode

CVE-2024-27091: Stored Cross-Site Scripting (XSS) to Account Takeover in GeoNode

Vulnerability ID: CVE-2024-27091
CVSS Score: 6.1
Published: 2026-07-13

A comprehensive security analysis of CVE-2024-27091, a stored cross-site scripting (XSS) vulnerability in the GeoNode geospatial content management system. Unsanitized metadata fields rendered with Django's safe template filter permit stored JavaScript execution, leading directly to admin account takeover via CSRF token theft and silent profile email modification.

TL;DR

Unsanitized user-controlled metadata fields rendered via the safe filter in GeoNode templates allow unauthenticated or low-privilege users to store malicious script payloads. Upon administrative review, the script executes within the victim session, permitting silent account takeover.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-79 (Improper Neutralization of Input During Web Page Generation)
  • Attack Vector: Network (AV:N)
  • CVSS v3.1: 6.1 (Medium)
  • Exploit Status: Proof of Concept / Code Analysis Available
  • EPSS Score: 0.00376 (Percentile: 29.75%)
  • KEV Status: Not Listed

Affected Systems

  • GeoNode deployments from version 3.2.0 up to, but excluding, 4.2.3
  • GeoNode: >= 3.2.0, < 4.2.3 (Fixed in: 4.2.3)

Code Analysis

Commit: e53bdef

[Fixes #11862] Sanitize HTML data (#11958)

Exploit Details

Mitigation Strategies

  • Upgrade to GeoNode version 4.2.3 or higher.
  • Deploy a restrictive Content Security Policy (CSP) that disables 'unsafe-inline' inside script-src directives.
  • Apply manual template sanitization filters using the nh3 library on legacy deployments.

Remediation Steps:

  1. Confirm the current running version of GeoNode using pip show geonode or via admin dashboard controls.
  2. Update requirements.txt to include nh3==0.2.15 and run pip install -r requirements.txt.
  3. Review the metadata_detail.html template and update occurrences of user-controlled fields using safe to include the sanitize_html filter.
  4. Enforce Content-Security-Policy HTTP response headers across all GeoNode subdomains.

References


Read the full report for CVE-2024-27091 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)