Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2025-44136

MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.

Published: Jul 29, 2025
Updated: Aug 7, 2025
CVE: CVE-2025-44136
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
maptiler / tileserver_php	2.0	2.0.x

https://github.com/maptiler/tileserver-php/issues/167
https://github.com/mheranco/CVE-2025-44136

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo