GHSA-rwcv-whm8-fmxm: GeoNode: Stored XSS to full account takeover
GeoNode versions 3.2.1 up to but not including 4.2.3 contain a stored cross-site scripting (XSS) vulnerability in the rich text editor. This vulnerability allows an attacker to retrieve a victim's CSRF token and perform actions such as changing the victim's email address, potentially leading to full account takeover. The vulnerability bypasses CORS policy restrictions due to the script element's behavior. The issue is classified as CWE-79 and has a moderate severity rating.
AI Analysis
Technical Summary
A stored XSS vulnerability exists in GeoNode's rich text editor in versions >=3.2.1 <4.2.3. Although cookies are set securely, the attacker can exploit the XSS to steal the victim's CSRF token and issue authenticated requests to change the victim's email address, enabling full account takeover. The vulnerability bypasses CORS policy protections, allowing malicious scripts to perform unauthorized actions within the victim's session context.
Potential Impact
Successful exploitation allows an attacker to perform a full account takeover by changing the victim's email address through CSRF token theft via stored XSS. This compromises the confidentiality and integrity of the victim's account. There is no indication of availability impact. The vulnerability affects user accounts and session security.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should exercise caution when interacting with untrusted content in the rich text editor. Consider disabling or restricting rich text input if feasible. Monitor official GeoNode channels for updates and apply any official fixes once released.
GHSA-rwcv-whm8-fmxm: GeoNode: Stored XSS to full account takeover
Description
GeoNode versions 3.2.1 up to but not including 4.2.3 contain a stored cross-site scripting (XSS) vulnerability in the rich text editor. This vulnerability allows an attacker to retrieve a victim's CSRF token and perform actions such as changing the victim's email address, potentially leading to full account takeover. The vulnerability bypasses CORS policy restrictions due to the script element's behavior. The issue is classified as CWE-79 and has a moderate severity rating.
CVSS v3.1
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
A stored XSS vulnerability exists in GeoNode's rich text editor in versions >=3.2.1 <4.2.3. Although cookies are set securely, the attacker can exploit the XSS to steal the victim's CSRF token and issue authenticated requests to change the victim's email address, enabling full account takeover. The vulnerability bypasses CORS policy protections, allowing malicious scripts to perform unauthorized actions within the victim's session context.
Potential Impact
Successful exploitation allows an attacker to perform a full account takeover by changing the victim's email address through CSRF token theft via stored XSS. This compromises the confidentiality and integrity of the victim's account. There is no indication of availability impact. The vulnerability affects user accounts and session security.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should exercise caution when interacting with untrusted content in the rich text editor. Consider disabling or restricting rich text input if feasible. Monitor official GeoNode channels for updates and apply any official fixes once released.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-rwcv-whm8-fmxm
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2024-27091"]
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- MODERATE
- Cvss Version
- 3.1
Threat ID: 6a55ffc368715ace432fccd7
Added to database: 07/14/2026, 09:22:11 UTC
Last enriched: 07/14/2026, 10:02:58 UTC
Last updated: 07/14/2026, 10:02:58 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.