Alexandre Rodrigo

**Name of the Vulnerable Software and Affected Versions** Astun Technology iShare Maps version 5.4.0 **Description** A issue was found in the file historic1.asp, where the manipulation of the `Zoom` argument leads to cross site scripting. This can be exploited remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Astun Technology iShare Maps version 5.4.0, as a temporary workaround, consider restricting access to the historic1.asp file until a patch is available. Avoid using the `Zoom` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Astun Technology iShare Maps version 5.4.0 **Description** A problematic vulnerability has been found in Astun Technology iShare Maps, affecting an unknown part of the file mycouncil2.aspx. The manipulation of the `atTxtStreet` argument leads to cross-site scripting. It is possible to initiate the attack remotely. **Recommendations** For version 5.4.0, as a temporary workaround, consider restricting access to the `mycouncil2.aspx` file or the `atTxtStreet` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Klokan MapTiler tileserver-gl version 2.3.1 **Description** A vulnerability was found in the component URL Handler of Klokan MapTiler tileserver-gl, which can lead to cross-site scripting when the `key` argument is manipulated. This issue can be exploited remotely. The vendor was contacted about the disclosure but did not respond. **Recommendations** For version 2.3.1, as a temporary workaround, consider restricting access to the URL Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.