MapTiler Tileserver-php v2.0 is vulnerable to Cross-Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code in a victim's browser.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
History
Wed, 06 Aug 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Maptiler; Maptiler tileserver Php | |
CPEs | cpe:2.3:a:maptiler:tileserver_php:2.0:*:*:*:*:*:*:* | |
Vendors & Products | Maptiler; Maptiler tileserver Php | |
Tue, 29 Jul 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics | cvssV3_1 | |
Tue, 29 Jul 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser. | |
References | | |

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-07-29T17:34:31.951Z
Reserved: 2025-04-22T00:00:00.000Z
Link: CVE-2025-44136

Updated: 2025-07-29T17:33:58.432Z

Status : Analyzed
Published: 2025-07-29T17:15:33.327
Modified: 2025-08-06T20:47:45.487
Link: CVE-2025-44136