Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-15500 PoC — TileServer GL 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-15500.yaml
Associated Vulnerability
Title:TileServer GL 跨站脚本漏洞 (CVE-2020-15500)
Description:TileServer GL是MapTiler团队的一款用于矢量图块的开源地图服务器。 TileServer GL 3.0.0及之前版本中的server.js文件存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Description
TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js  because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page.
File Snapshot

 id: CVE-2020-15500

info:
  name: TileServer GL <=3.0.0 - Cross-Site Scripting
  author: Akash.C
  s

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.