MapTiler Tileserver-php v20 is vulnerable to Cross Site Scripting (XSS) The GET parameter

链接： https://github.com/advisories/GHSA-cj86-6g7w-75f6

CVSS 评分： 9.8

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-44136
https://github.com/maptiler/tileserver-php/issues/167
https://github.com/mheranco/CVE-2025-44136
https://github.com/advisories/GHSA-cj86-6g7w-75f6

描述：

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter “layer” is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim’s browser.

安全公告

#Github Advisory

MapTiler Tileserver-php v20 is vulnerable to Cross Site Scripting (XSS) The GET parameter

http://example.com/2025/07/29/github_1981809591/

作者

lianccc

发布于

2025年7月29日

许可协议

BentoML SSRF Vulnerability in File Upload Processing 上一篇

Linux Password Complexity Not Enforced 下一篇