Critical severity9.8NVD Advisory· Published Jul 29, 2025· Updated Jun 17, 2026
CVE-2025-44136
CVE-2025-44136
Description
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 2.0
Patches
Vulnerability mechanics
References
1- github.com/maptiler/tileserver-php/issues/167nvdExploitIssue Tracking
News mentions
0No linked articles in our index yet.