Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-44136

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.1%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-44136


Contact Us

Shodan ® - All rights reserved