CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-15500

An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.296

EPSS Ranking 96.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html
https://github.com/maptiler/tileserver-gl/issues/461
http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html
https://github.com/maptiler/tileserver-gl/issues/461

Products affected by CVE-2020-15500

Tileserver » Tileservergl » Version: 3.0.0

cpe:2.3:a:tileserver:tileservergl:3.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15500

Products

Pricing

Contact Us