GHSA-3fr8-mwpp-8h9p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3fr8-mwpp-8h9p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-3fr8-mwpp-8h9p/GHSA-3fr8-mwpp-8h9p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3fr8-mwpp-8h9p
- Aliases
- Published
- 2021-05-17T21:01:15Z
- Modified
- 2023-11-08T04:02:37.114856Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site scripting in TileServer GL
- Details
-
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.
- Database specific
{ "github_reviewed_at": "2021-05-11T19:36:26Z", "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2020-07-01T23:15:00Z", "severity": "MODERATE", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-15500
- https://github.com/maptiler/tileserver-gl/issues/461
- https://github.com/maptiler/tileserver-gl/commit/10431d70d0f0d7b7950ae2c02aea0850c7566621
- https://github.com/maptiler/tileserver-gl
- http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html
Affected packages
npm / tileserver-gl
Package
- Name
- tileserver-gl
- View open source insights on deps.dev
- Purl
- pkg:npm/tileserver-gl