← back
CVE-2020-15500

CVE-2020-15500

EPSS 12.2%
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49771unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.htmlhttps://github.com/maptiler/tileserver-gl/issues/461