An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.
References
Link | Resource |
---|---|
https://github.com/maptiler/tileserver-gl/issues/461 | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2020-07-01 16:15
Updated : 2022-11-09 20:25
NVD link : CVE-2020-15500
Mitre link : CVE-2020-15500
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
tileserver
- tileservergl