An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-01T22:14:44

Updated: 2024-08-04T13:15:20.717Z

Reserved: 2020-07-01T00:00:00

Link: CVE-2020-15500

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-01T23:15:10.333

Modified: 2024-11-21T05:05:38.730

Link: CVE-2020-15500

cve-icon Redhat

No data.