CVE-2025-44136 Information
Jul 30, 2025
cve
Description
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter \layer\ is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim’s browser.
Reference
https://github.com/maptiler/tileserver-php/issues/167 https://github.com/mheranco/CVE-2025-44136
Related CNNVD
CNNVD-202507-3619 (Published: 2025-07-29)
Share on: