Fix Cross Site Scripting (XSS) issue in demo service #322
The format and srs parameters in the WMS/WMTS/TMS demo pages are not escaped.
A targeted, non-persistent Cross Site Scripting attack (XSS) could be used for information disclosure, for example: session cookies of a third-party application running on the same domain.
Users are advised to disable the demo service or to update MapProxy with the upcoming patch, if they are unsure whether this is a risk in their specific installation.
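
The following is an added illustration, not MapProxy's code and not part of the original issue: it shows request values for `srs` and `format` copied into a demo-page fragment without escaping, next to the same rendering with HTML escaping on output. The template, function names, allowlist patterns and sample query string are assumptions constructed for this example.

```python
import html
import re
from urllib.parse import parse_qs

# Hypothetical demo-page fragment; srs lands in an attribute and in text.
TEMPLATE = (
    '<option value="{srs}" selected>{srs}</option>\n'
    '<span class="format">{format}</span>'
)

# Hypothetical allowlists for the two parameters (not taken from MapProxy).
SRS_RE = re.compile(r"[A-Za-z]+:\d{1,6}")
FORMAT_RE = re.compile(r"image/[a-z0-9.+-]{1,32}")


def _params(query):
    """Return the first srs and format values from a query string."""
    parsed = parse_qs(query)
    return parsed.get("srs", [""])[0], parsed.get("format", [""])[0]


def render_unescaped(query):
    """The defect class described above: values are reflected as-is."""
    srs, fmt = _params(query)
    return TEMPLATE.format(srs=srs, format=fmt)


def render_escaped(query):
    """Escape on output; quote=True also covers the attribute context."""
    srs, fmt = _params(query)
    return TEMPLATE.format(
        srs=html.escape(srs, quote=True),
        format=html.escape(fmt, quote=True),
    )


def is_expected(srs, fmt):
    """Second layer: accept only values shaped like an SRS code and an image type."""
    return bool(SRS_RE.fullmatch(srs)) and bool(FORMAT_RE.fullmatch(fmt))


# Constructed sample: srs carries a quote and harmless markup.
SAMPLE_QUERY = "srs=EPSG%3A4326%22%3E%3Cb%3Ex%3C%2Fb%3E&format=image%2Fpng"

if __name__ == "__main__":
    print(render_unescaped(SAMPLE_QUERY))
    print(render_escaped(SAMPLE_QUERY))
    print(is_expected(*_params(SAMPLE_QUERY)))
```

Escaping at output is the fix for the reflected value; the allowlist check is an extra layer that rejects values that could never be a valid `srs` or `format` in the first place.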