Описание
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.
Ссылки
- ExploitIssue Tracking
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:maptiler:tileserver_php:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10019
Средний
9.8 Critical
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 9.8
github
6 месяцев назад
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.
EPSS
Процентиль: 93%
0.10019
Средний
9.8 Critical
CVSS3
Дефекты
CWE-79