Hello, I'm a student working on a school project that utilises mapserver 6.2 installed from rpm on RedHat OS. My advisors are very concerned about the security of the system. From the security reports, we obtained this XSS vulnerability on the 'layer' parameter of the WMTS service.

http://example.com/mapcache/wmts/?SERVICE=WMTS&REQUEST=GetTile&VERSION=1.0.0&LAYER=--%3E%3ca%20xmlns%3aa%3d%27http%3a%2f%2fwww.w3.org%2f1999%2fxhtml%27%3e%3ca%3abody%20onload%3d%27alert(1111)%27%2f%3e%3c%2fa%3e&STYLE=default&TILEMATRIXSET=epsg3857&TILEMATRIX=6&TILEROW=23&TILECOL=38&FORMAT=

I wonder if the newer versions of mapserver have this issue, or if there is any way to solve it? Any help would be appreciated.

Beste
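One way to screen a request like the one in the post before it reaches the tile service, as an added example that is not part of the original message and is not MapServer or MapCache code. The allowlist patterns, the function names and the simplified OWS-style exception document are assumptions; the sample URL is the one from the post.

```python
import re
from urllib.parse import parse_qs, urlsplit
from xml.sax.saxutils import escape

# URL from the post, with the line-wrap spaces removed.
SAMPLE_URL = (
    "http://example.com/mapcache/wmts/?SERVICE=WMTS&REQUEST=GetTile"
    "&VERSION=1.0.0&LAYER=--%3E%3ca%20xmlns%3aa%3d%27http%3a%2f%2fwww.w3.org"
    "%2f1999%2fxhtml%27%3e%3ca%3abody%20onload%3d%27alert(1111)%27%2f%3e"
    "%3c%2fa%3e&STYLE=default&TILEMATRIXSET=epsg3857&TILEMATRIX=6"
    "&TILEROW=23&TILECOL=38&FORMAT=")

# Assumed allowlist: identifiers are plain names, tile indices are integers.
NAME = re.compile(r"[A-Za-z0-9_]{1,64}")
INT = re.compile(r"[0-9]{1,9}")
RULES = {"LAYER": NAME, "STYLE": NAME, "TILEMATRIXSET": NAME,
         "TILEMATRIX": INT, "TILEROW": INT, "TILECOL": INT}
QUOTES = {'"': "&quot;", "'": "&apos;"}

def get_params(url):
    """Percent-decode the query string; KVP names are matched case-insensitively."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k.upper(): v[-1] for k, v in query.items()}

def invalid_params(url):
    """Return the sorted names of GetTile parameters that fail the allowlist."""
    params = get_params(url)
    return sorted(k for k, rx in RULES.items()
                  if not rx.fullmatch(params.get(k, "")))

def exception_report(locator, value):
    """Build a simplified error document with the reflected value XML-escaped."""
    return ('<ExceptionReport><Exception exceptionCode="InvalidParameterValue" '
            'locator="%s"><ExceptionText>Invalid value: %s</ExceptionText>'
            '</Exception></ExceptionReport>'
            % (escape(locator, QUOTES), escape(value, QUOTES)))

def screen(url):
    """Return (status, body): 400 plus an escaped report on failure, else (200, None)."""
    bad = invalid_params(url)
    if not bad:
        return 200, None
    return 400, exception_report(bad[0], get_params(url).get(bad[0], ""))

if __name__ == "__main__":
    print(screen(SAMPLE_URL))
```

Rejecting the value and escaping it are independent controls: the allowlist stops the request early, and the escaping keeps any error text that echoes a parameter inert even if a pattern is later loosened.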
