Submit #427302: Klokantech tileserver-gl 2.3.1 Cross Site Scriptinginfo

TitleKlokantech tileserver-gl 2.3.1 Cross Site Scripting
DescriptionA Cross-Site Scripting (XSS) vulnerability was discovered in TileServer GL v2.3.1, affecting the key parameter on the URL https://site.com. An attacker can inject arbitrary JavaScript code, which is executed in the context of the victim's browser when accessing the crafted URL. This allows for potential malicious actions such as session hijacking, phishing, or other client-side attacks. Example payload: https://site.com/?key=wwwwwwwwwwwwww%22%3E%3Csvg%2Fonload%3Dconfirm%281%29%3E.
Source⚠️ https://maps.monomaps.com/?key=wwwwwwwwwwwwww?%22xx%3F%2F%27%27%27%2F%3E%3Csvg%2Fonload%3Dconfirm%281%29%3E
User
 Alexandre Rodrigo (UID 76412)
Submission10/20/2024 08:59 PM (2 months ago)
Moderation10/29/2024 06:38 PM (9 days later)
StatusAccepted
VulDB Entry282443 [Klokan MapTiler tileserver-gl 2.3.1 URL key cross site scripting]
Points20

Do you need the next level of professionalism?

Upgrade your account now!