@SaleSlave
Last active May 22, 2024 18:55
CVE-2024-35627 Cross-Site Scripting (XSS)
Product
https://github.com/maptiler/tileserver-gl
Affected versions
<= 4.4.10
Patched versions
4.5.0
Description:
During a penetration test of TileServer GL, a reflected cross-site scripting (XSS) vulnerability was discovered. The value of the "key" query parameter is reflected into the response without output encoding, allowing an attacker to inject JavaScript that executes in the browser of anyone who opens a crafted link.
The vulnerability can be used against users of the application and, because the injected script runs in the origin of the TileServer GL host, against users of any other application served from the same domain. A successful exploit may lead to compromise of user accounts and user data.
Impact:
The impact can be severe. An attacker could exploit the vulnerability to target users of TileServer GL and, where other applications are deployed on the same domain, users of those applications as well, widening the scope of compromise. Possible outcomes include account takeover, forcing the victim's browser to perform sensitive actions with the victim's session, theft of sensitive data, cross-origin requests issued from the victim's browser, and defacement of the web application.
Mitigation:
- Encode the reflected value for the context it is rendered in (HTML entity encoding for HTML text and attributes, JavaScript string serialization inside inline scripts) before writing it into the response.
- Update to version 4.5.0 or later, which contains the fix.
Steps to Reproduce:
1. Open the main page and, under the DATA section, locate the URL of a vector data set via its "Inspect" button.
For example, http://<address>:8083/data/malaysia-vector/#0/0.00000/0.00000
2. Replace the fragment with a "key" query parameter carrying the payload, e.g. http://<address>:8083/data/malaysia-vector/?key='-alert(1)-'
Loading the modified URL in a browser reflects the value of "key" into the response unencoded, and the injected alert(1) runs.
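The reflection context and the fix, as an added example that is not TileServer GL's own code. The payload '-alert(1)-' from the steps above only works if the key value lands inside a single-quoted JavaScript string literal in an inline script; that context is inferred from the payload, not confirmed by this advisory. The snippet contrasts raw interpolation with JSON-serialising the value and escaping the characters that could close the <script> element, and evaluates each rendered script with a stubbed alert to show what the browser would do. The function names are made up for illustration.

```javascript
// Added example (not tileserver-gl code): how a reflected "key" query parameter
// ends up inside an inline <script> string, and how to encode it.
// Assumption: the value is interpolated into a single-quoted JS string literal,
// which is the context the PoC payload '-alert(1)-' is built for.

// BAD: raw interpolation. A single quote in `key` ends the literal and the
// remainder of the value is executed as code.
function renderVulnerable(key) {
  return `<script>var key = '${key}';</script>`;
}

// Serialise a value for use as a JS string literal inside an inline script.
// JSON.stringify quotes and escapes the string; the extra replacements make
// sure neither "</script>" nor other markup can terminate the script element,
// and that the line terminators U+2028/2029 cannot break the literal.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// GOOD: the value is always a string literal, whatever it contains.
function renderSafe(key) {
  return `<script>var key = ${jsStringLiteral(key)};</script>`;
}

// Number of "</script>" closers in the rendered HTML; more than one means the
// injected value broke out of the script element.
function countScriptCloses(html) {
  return (html.match(/<\/script>/gi) || []).length;
}

// Evaluate the first inline script the way a browser would, with alert()
// replaced by a recorder. Returns the final value of `key` and the list of
// arguments alert() was called with.
function executeInlineScript(html) {
  const m = /<script>([\s\S]*?)<\/script>/.exec(html);
  if (!m) throw new Error('no inline script found');
  const alertCalls = [];
  const run = new Function('alert', m[1] + '\nreturn key;');
  const key = run((x) => { alertCalls.push(x); });
  return { key, alertCalls };
}

// Demo with the advisory's payload: the vulnerable render triggers alert(1),
// the safe render stores the payload as an ordinary string.
const payload = "'-alert(1)-'";
console.log('vulnerable:', renderVulnerable(payload),
            executeInlineScript(renderVulnerable(payload)));
console.log('safe:      ', renderSafe(payload),
            executeInlineScript(renderSafe(payload)));
```

Note that the encoding has to match the context: HTML entity encoding (the advisory's "encode all output") protects HTML text and attribute values, but inside a script block the browser does not decode entities, so a value written as &#39;-alert(1)-&#39; would simply corrupt the key rather than protect it; serialising it as a JavaScript string literal is the correct encoding there. A Content-Security-Policy that disallows inline scripts is a useful second layer but does not replace the encoding.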
References:
https://github.com/maptiler/tileserver-gl/discussions/1248