Hello,

I'm a student working on a school project that utilises mapserver 6.2
installed from rpm on RedHat OS. My advisors are very concerned about the
security of the system. From the security reports, we obtained this XSS
vulnerability on the 'layer' parameter of WMTS service.

http://example.com/mapcache/wmts/?SERVICE=WMTS&REQUEST=GetTile&VERSION=1.0.0&LAYER=--%3E%3ca%20xmlns%3aa%3d%27http%3a%2f%2fwww.w3.org%2f1999%2fxhtml%27%3e%3ca%3abody%20onload%3d%27alert(1111)%27%2f%3e%3c%2fa%3e&STYLE=default&TILEMATRIXSET=epsg3857&TILEMATRIX=6&TILEROW=23&TILECOL=38&FORMAT=

I wonder if the newer versions of mapserver have this issue or is there any
way to solve it?
Any help would be appreciated.

Beste
_______________________________________________
mapserver-users mailing list
mapserver-users@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/mapserver-users
