tileserver-gl is vulnerable to cross-site scripting (XSS). The vulnerability exists because the key
GET parameter is not escaped properly, allowing an attacker to inject malicious script and get it executed when a user visits the application’s main page.
CPE | Name | Operator | Version |
---|---|---|---|
tileserver-gl | le | 3.0.0 | |
tileserver-gl | le | 2.3.1 | |
tileserver-gl | le | 3.0.0 | |
tileserver-gl | le | 2.3.1 |