CVE-2020-15500: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 17, 2021

An issue was discovered in server.js in TileServer GL The content of the key GET parameter is reflected unsanitized in an HTTP response for the application’s main page, causing reflected XSS.

References

packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html
github.com/advisories/GHSA-3fr8-mwpp-8h9p
github.com/maptiler/tileserver-gl/issues/461
nvd.nist.gov/vuln/detail/CVE-2020-15500

Code Behaviors & Features

Detect and mitigate CVE-2020-15500 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →