PT-2025-31223 · Maptiler · Maptiler Tileserver-Php

Mheranco · Published 2025-07-29 · Updated 2025-11-07 · CVE-2025-44136

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MapTiler Tileserver-php version 2.0

Description

MapTiler Tileserver-php v2.0 is susceptible to a Cross-Site Scripting (XSS) issue. The layer GET parameter is reflected in an error message without proper HTML encoding. This allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code in a victim's browser via the /api/v1/layer endpoint. The vulnerable parameter is layer.

Recommendations

MapTiler Tileserver-php version 2.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
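
With no fixed release listed, the practical mitigation is to encode the reflected value at the point of output. The PHP below is an added example, not Tileserver-php source code: the handler, function names, layer list and name pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical handler, NOT Tileserver-php source code.

// Constructed layer names standing in for whatever the server really hosts.
const KNOWN_LAYERS = ['streets', 'satellite'];

// BEFORE: the pattern the advisory describes. The raw GET value is
// concatenated into an HTML error message, so markup in it is rendered.
function layerErrorUnsafe(string $layer): string
{
    return '<p>Layer "' . $layer . '" not found</p>';
}

// AFTER: encode for the HTML context at the point of output.
function layerErrorSafe(string $layer): string
{
    $encoded = htmlspecialchars($layer, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p>Layer "' . $encoded . '" not found</p>';
}

// Request handling with defence in depth: strict name check, encoded
// error body, and headers that limit what a reflected value can do.
function handleLayerRequest(array $query): array
{
    $layer = $query['layer'] ?? '';
    if (!is_string($layer)) {          // ?layer[]=x arrives as an array
        $layer = '';
    }
    $headers = [
        'Content-Type' => 'text/html; charset=utf-8',
        'X-Content-Type-Options' => 'nosniff',
        'Content-Security-Policy' => "default-src 'none'",
    ];
    $valid = preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $layer) === 1;
    if ($valid && in_array($layer, KNOWN_LAYERS, true)) {
        return [200, $headers, '<p>Layer found</p>'];
    }
    return [$valid ? 404 : 400, $headers, layerErrorSafe($layer)];
}

// Constructed input: harmless markup that shows whether encoding happened.
$probe = '<b>x</b>';
echo layerErrorUnsafe($probe), PHP_EOL;   // markup reaches the browser intact
echo layerErrorSafe($probe), PHP_EOL;     // markup arrives as inert text
[$status, , $body] = handleLayerRequest(['layer' => $probe]);
echo $status, ' ', $body, PHP_EOL;
```

The name pattern rejects malformed input early, but the output encoding is what removes the XSS condition, so it stays in place even when validation is loosened.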

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-44136

Affected Products

Maptiler Tileserver-Php