CVE-2024-35627
MEDIUM NUCLEItileserver-gl <= 4.4.10 - Cross-Site Scripting via /data/v3/?key
Title source: llmExploitation Summary
CVE-2024-35627 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key.
Nuclei Templates (1)
TileServer API - Cross Site Scripting
MEDIUMVERIFIEDby DhiyaneshDK
Shodan:
http.favicon.hash:-1258058404
References (1)
Core 1
Core References
Scores
CVSS v3
6.1
EPSS
0.0096
EPSS Percentile
56.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Published
May 22, 2024
Tracked Since
Feb 18, 2026