PT-2025-31223 · Maptiler · Maptiler Tileserver-Php

Published: 2025-07-29 · Updated: 2025-07-29 · CVE-2025-44136

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

MapTiler Tileserver-php version 2.0

Description:

MapTiler Tileserver-php version 2.0 is vulnerable to cross-site scripting (XSS). The `layer` GET parameter is reflected in an error message without HTML encoding, which allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code in a victim’s browser.

Recommendations:

Ensure proper HTML encoding is implemented for the `layer` GET parameter in error messages.
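
One way to apply this recommendation, shown as an added example that is not tileserver-php's own code. The function names, the error text and the sample value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from tileserver-php.

/** Read `layer` from the query, rejecting array input such as ?layer[]=x. */
function layerParam(array $query): string
{
    $value = $query['layer'] ?? '';
    return is_string($value) ? $value : '';
}

/** Pattern described in the advisory: the raw value is placed into HTML. */
function layerErrorUnencoded(string $layer): string
{
    return '<p>Unknown layer "' . $layer . '"</p>';
}

/** Corrected pattern: encode the value for an HTML context before output. */
function layerErrorEncoded(string $layer): string
{
    // ENT_QUOTES encodes both " and ' so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of yielding an empty string.
    $safe = htmlspecialchars($layer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Unknown layer "' . $safe . '"</p>';
}

/** Emit the error page with headers that back up the output encoding. */
function sendLayerError(array $query): void
{
    http_response_code(404);
    header('Content-Type: text/html; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    header("Content-Security-Policy: default-src 'none'");
    echo layerErrorEncoded(layerParam($query));
}

// Constructed sample value, compared side by side when run from the CLI.
if (PHP_SAPI === 'cli') {
    $sample = ['layer' => '"><b>injected</b>'];
    $layer  = layerParam($sample);
    echo 'unencoded: ', layerErrorUnencoded($layer), PHP_EOL;
    echo 'encoded:   ', layerErrorEncoded($layer), PHP_EOL;
    echo 'array in:  ', layerErrorEncoded(layerParam(['layer' => ['x']])), PHP_EOL;
}
```

If the error response is served as `text/plain` instead, the value must not be HTML-encoded; the encoding has to match the context the browser will parse.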

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-44136

Affected Products

Maptiler Tileserver-Php