Security Advisory

CVE-2025-44136

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-29 00:00:00

Last updated 2025-07-29 17:34:31

Assigner mitre

State PUBLISHED

Description

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser.

← Browse all CVEs View on cve.org ↗