{"uuid": "d606d7f0-724a-4fc6-9a18-c0cc25371db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27091", "type": "seen", "source": "https://gist.github.com/alon710/1cf437e22a892172012205a9b0e24d57", "content": "# CVE-2024-27091: CVE-2024-27091: Stored Cross-Site Scripting (XSS) to Account Takeover in GeoNode\n\n&gt; **CVSS Score:** 6.1\n&gt; **Published:** 2026-07-13\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2024-27091\n\n## Summary\nA comprehensive security analysis of CVE-2024-27091, a stored cross-site scripting (XSS) vulnerability in the GeoNode geospatial content management system. Unsanitized metadata fields rendered with Django's safe template filter permit stored JavaScript execution, leading directly to admin account takeover via CSRF token theft and silent profile email modification.\n\n## TL;DR\nUnsanitized user-controlled metadata fields rendered via the safe filter in GeoNode templates allow unauthenticated or low-privilege users to store malicious script payloads. Upon administrative review, the script executes within the victim session, permitting silent account takeover.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-79 (Improper Neutralization of Input During Web Page Generation)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1**: 6.1 (Medium)\n- **Exploit Status**: Proof of Concept / Code Analysis Available\n- **EPSS Score**: 0.00376 (Percentile: 29.75%)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- GeoNode deployments from version 3.2.0 up to, but excluding, 4.2.3\n- **GeoNode**: &gt;= 3.2.0, &lt; 4.2.3 (Fixed in: `4.2.3`)\n\n## Mitigation\n\n- Upgrade to GeoNode version 4.2.3 or higher.\n- Deploy a restrictive Content Security Policy (CSP) that disables 'unsafe-inline' inside script-src directives.\n- Apply manual template sanitization filters using the nh3 library on legacy deployments.\n\n**Remediation Steps:**\n1. Confirm the current running version of GeoNode using pip show geonode or via admin dashboard controls.\n2. Update requirements.txt to include nh3==0.2.15 and run pip install -r requirements.txt.\n3. Review the metadata_detail.html template and update occurrences of user-controlled fields using safe to include the sanitize_html filter.\n4. Enforce Content-Security-Policy HTTP response headers across all GeoNode subdomains.\n\n## References\n\n- [NVD Vulnerability Detail Page](https://nvd.nist.gov/vuln/detail/CVE-2024-27091)\n- [CVE.org Official Record](https://www.cve.org/CVERecord?id=CVE-2024-27091)\n- [GitHub Security Advisory Details](https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm)\n- [CVEProject JSON Source](https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27091.json)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2024-27091) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-13T17:11:49.971044Z"}