CVE-2020-15500

Опубликовано: 01 июл. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.

Ссылки

http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/maptiler/tileserver-gl/issues/461
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/maptiler/tileserver-gl/issues/461
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:*

Версия до 3.0.0 (включая)

EPSS

Процентиль: 95%

0.19227

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3fr8-mwpp-8h9p