Vulnerability
Description
In TileServer GL through 3.0.0, an issue was discovered in server.js. The value of the key GET parameter is reflected in an HTTP response for the application’s main page without being sanitised, resulting in reflected XSS.
Recommendations
- Update TileServer GL to the latest version
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
