ГлавнаяУязвимости → CVE-2025-44136
9.8критическая

CVE-2025-44136

Описание

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.

Затрагиваемое ПО
Maptiler Tileserver php
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/maptiler/tileserver-php/issues/167https://github.com/mheranco/CVE-2025-44136