CVE-2025-44136 POC (Proof-of-Concept)

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.

Published: 2025-07-29

CVSS: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download CVE-2025-44136 POC (Proof-of-Concept) here:

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

Check my portfolio here:

https://tlncglobal.com/poc-822-cve-2024-50967/

https://tlncglobal.com/poc-333-cve-2025-26493/

https://tlncglobal.com/poc-544-cve-2024-8275/

https://tlncglobal.com/poc-883-cve-2024-49328/

https://tlncglobal.com/poc-633-cve-2024-6420/

CVE-2025-44136 POC (Proof-of-Concept)

Archives

SNC Group Sp. z o.o.

Categories

Regulamin serwisu

Taisja Laudy – Założycielka i CEO TLnC Global