13 matches found
MapTiler Tileserver-php v2.0 - Unauthenticated XSS
MapTiler Tileserver-php v2.0 contains a reflected XSS caused by unencoded reflection of the GET parameter "layer" in an error message, letting unauthenticated attackers execute arbitrary script on victim browsers. id: CVE-2025-44136 info: name: MapTiler Tileserver-php v2.0 - Unauthenticated XSS...
VulnCheck KEV: CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without HTML encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser...
Zytec Central Authentication Service Code Injection Vulnerability
Zytec Central Authentication Service is a centralized authentication service from China's Zhuo Yun Zytec Company. A code injection vulnerability exists in Zytec Central Authentication Service 20251009 and earlier versions, which stems from incorrect manipulation of the parameters get.layer,...
TileServer PHP Security Vulnerability
TileServer PHP is a folder hosting software from MapTiler Open Source. A security vulnerability exists in TileServer PHP version v2.0, which stems from the layer parameter not being HTML-encoded, and could lead to a cross-site scripting attack...
Exploit for Cross-site Scripting in Maptiler Tileserver_Php
CVE-2025-44136 Unauthenticated XSS in MapTiler Tileserver-php...
SUSE CVE-2011-1523
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter...
CVE-2011-1523
Removed by vendor...
CVE-2011-1523
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter...
UBUNTU-CVE-2011-1523
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter...
Directory traversal
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter...
CVE-2007-6212
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter...
CVE-2004-1774
Buffer overflow in the SDOCODESIZE procedure of the MD2 package (MDSYS.MD2.SDOCODESIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter...