CVE-2026-42030

>= 6.0.0 and < 8.6.2

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnera

6.1MEDIUM

CVE-2026-33721

>= 4.2.0 and < 8.6.1

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer

5.3MEDIUM

CVE-2025-59431

all versions

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vu

9.8CRITICAL

CVE-2021-32062

< 7.0.8

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not prop

5.3MEDIUM

CVE-2012-2950

< 3.0.6

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to

8.1HIGH

CVE-2010-1678

>= 5.6.0 and < 5.6.5.-2

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.

7.5HIGH

CVE-2017-5522

<= 6.0.5

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remot

9.8CRITICAL

CVE-2016-9839

<= 7.0.2

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.

7.5HIGH

CVE-2013-7262

<= 6.4.0

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time

CVE-2011-2975

<= 6.0.0

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers t

CVE-2011-2704

<= 4.10.6

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via

CVE-2011-2703

<= 4.10.6

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers t

CVE-2010-2540

<= 4.10.5

mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line argume

CVE-2010-2539

<= 4.10.5

Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local use

CVE-2009-2281

all versions

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x

CVE-2009-1177

all versions

Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown

CVE-2009-1176

all versions

mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter

CVE-2009-0843

all versions

The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the e

CVE-2009-0842

all versions

mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a ful

CVE-2009-0841

all versions

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Win

CVE-2009-0840

all versions

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2

CVE-2009-0839

all versions

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map

CVE-2007-4629

<= 4.10.2

Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of serv

CVE-2007-4542

<= 4.10.3

Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web scri