Cross-Site Scripting Vulnerability in SpatialReference.org by OSGeo
CVE-2025-50690

6.1 MEDIUM

Key Information:

Vendor: OSGeo
CVE Published: 13 August 2025

What is CVE-2025-50690?

A cross-site scripting (XSS) vulnerability in SpatialReference.org allows attackers to inject malicious JavaScript through crafted URLs. The flaw arises from improper handling of user input in the search query parameter. When exploited, it lets an attacker execute arbitrary JavaScript in the context of a victim's session, which can lead to session hijacking, data theft, phishing attacks, or redirection to harmful sites. The vulnerability affects all publicly accessible pages and can be exploited by unauthenticated users, so it calls for immediate attention and remediation.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
