| 제목 | Klokantech tileserver-gl 2.3.1 Cross Site Scripting |
|---|
| 설명 | A Cross-Site Scripting (XSS) vulnerability was discovered in TileServer GL v2.3.1, affecting the key parameter on the URL https://site.com. An attacker can inject arbitrary JavaScript code, which is executed in the context of the victim's browser when accessing the crafted URL. This allows for potential malicious actions such as session hijacking, phishing, or other client-side attacks.
Example payload: https://site.com/?key=wwwwwwwwwwwwww%22%3E%3Csvg%2Fonload%3Dconfirm%281%29%3E. |
|---|
| 원천 | ⚠️ https://maps.monomaps.com/?key=wwwwwwwwwwwwww?%22xx%3F%2F%27%27%27%2F%3E%3Csvg%2Fonload%3Dconfirm%281%29%3E |
|---|
| 사용자 | Alexandre Rodrigo (UID 76412) |
|---|
| 제출 | 2024. 10. 20. PM 08:59 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 10. 29. PM 06:38 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 282443 [Klokan MapTiler tileserver-gl 2.3.1 URL key 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|