[mapserver-users] XSS vulnerability on the 'layer' parameter of WMTS

2017-08-06 Thread Beste Seymen
Hello, I'm a student working on a school project that utilises mapserver 6.2 installed from rpm on RedHat OS. My advisors are very concerned about the security of the system. From the security reports, we obtained this XSS vulnerability on the 'layer' parameter of WMTS service.

Re: [mapserver-users] XSS vulnerability on the 'layer' parameter of WMTS

2017-08-06 Thread Even Rouault
Beste / devs, adding the development list in CC. I can confirm the issue on latest mapcache master. The vulnerability is the injection of a parameter value between XML comment markers <-- --> used for the error message. When this parameter value starts with --> it ends up the comment part
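
The mechanism described in the message above, as an added example that is not part of the original thread and is not mapcache's code or its fix: one way to neutralise a request parameter before echoing it inside an XML comment. The function names, the error text and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy `in` so it can sit between <!-- and --> without closing the comment.
 * XML forbids "--" inside a comment and a comment body may not end in '-',
 * so a '-' that follows a kept '-' and a trailing '-' are replaced by '_'.
 * '<', '>' and '&' are replaced too, for lenient HTML parsers.
 * Returns a malloc'd string (caller frees) or NULL on allocation failure. */
char *comment_safe(const char *in)
{
    size_t n = strlen(in);
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        char c = in[i];
        if (c == '<' || c == '>' || c == '&')
            c = '_';
        else if (c == '-' && i > 0 && out[i - 1] == '-')
            c = '_';
        out[i] = c;
    }
    if (n > 0 && out[n - 1] == '-')
        out[n - 1] = '_';
    out[n] = '\0';
    return out;
}

/* Hypothetical error body; the message text is constructed for this example. */
char *error_comment(const char *layer)
{
    static const char fmt[] = "<!-- unknown layer: %s -->";
    char *safe = comment_safe(layer);
    if (safe == NULL)
        return NULL;
    size_t len = sizeof(fmt) + strlen(safe);
    char *doc = malloc(len);
    if (doc != NULL)
        snprintf(doc, len, fmt, safe);
    free(safe);
    return doc;
}

int main(void)
{
    char *doc = error_comment("--><b>x</b>"); /* constructed input */
    if (doc == NULL)
        return 1;
    puts(doc);
    free(doc);
    return 0;
}
```

Leaving the untrusted value out of the comment altogether, or returning it as entity-escaped element text, avoids the comment-termination problem entirely.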

Re: [mapserver-users] XSS vulnerability on the 'layer' parameter of WMTS

2017-08-06 Thread Jeff McKenna
On 2017-08-06 8:47 AM, Even Rouault wrote: Beste / devs, adding the development list in CC. I can confirm the issue on latest mapcache master. The vulnerability is the injection of a parameter value between XML comment markers <-- --> used for the error message. When this parameter value