CVE-2025-44136

Source
https://cve.org/CVERecord?id=CVE-2025-44136
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-44136.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-44136
Published
2025-07-29T00:00:00Z
Modified
2026-07-15T01:49:17.219008189Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/44xxx/CVE-2025-44136.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/maptiler/tileserver-php

Affected ranges

Type
GIT
Repo
https://github.com/maptiler/tileserver-php
Events
Database specific
{
    "cpe": "cpe:2.3:a:maptiler:tileserver_php:2.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.0"
        },
        {
            "last_affected": "2.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

2.*
2.0
v2.*
v2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-44136.json"