<div dir="ltr"><span style="font-size:12.8px">Hello,</span><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">I'm a student working on a school project that utilises MapServer 6.2 installed from RPM on RedHat OS. My advisors are very concerned about the security of the system. From the security reports, we obtained this XSS vulnerability on the 'layer' parameter of the WMTS service.</div><div style="font-size:12.8px"><br></div><p style="margin:0px 0px 7.5px;text-align:justify;line-height:normal;font-family:Courier;color:rgb(0,0,0)">http://example.com/mapcache/wmts/?SERVICE=WMTS&amp;REQUEST=GetTile&amp;VERSION=1.0.0&amp;LAYER<span style="background-color:rgb(255,255,0)">=--%3E%3ca%20xmlns%3aa%3d%27http%3a%2f%2fwww.w3.org%2f1999%2fxhtml%27%3e%3ca%3abody%20onload%3d%27alert(1111)%27%2f%3e%3c%2fa%3e</span>&amp;STYLE=default&amp;TILEMATRIXSET=epsg3857&amp;TILEMATRIX=6&amp;TILEROW=23&amp;TILECOL=38&amp;FORMAT=</p><div style="font-size:12.8px"><br clear="all"><div><br></div><div>I wonder if the newer versions of MapServer have this issue, or if there is any way to solve it?</div><div>Any help would be appreciated.</div><div><br></div><div>Best</div></div></div>
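Added example, not part of the original message and not MapCache's own code: the reported LAYER value percent-decodes to markup that closes a comment and opens an XHTML-namespaced element, so it is only active if the server echoes it unescaped into an XML response. Assuming that is the reflection path (the post does not show the response), the C code below rejects such names against an assumed allowlist and entity-escapes anything echoed back; `layer_name_ok`, `xml_escape` and the character policy are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Percent-decoded form of the LAYER value quoted in the post. */
static const char *SAMPLE_LAYER =
    "--><a xmlns:a='http://www.w3.org/1999/xhtml'>"
    "<a:body onload='alert(1111)'/></a>";

/* Assumed policy (not MapCache's): layer names are [A-Za-z0-9_.-]+ only. */
int layer_name_ok(const char *s) {
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("_.-", *s)) return 0;
    return 1;
}

/* Copy src into dst with XML metacharacters replaced by entities, so the
 * value is inert when echoed into an XML error document.
 * Returns 0 on success, -1 (dst emptied) if dst is too small. */
int xml_escape(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen) { dst[0] = '\0'; return -1; }
        memcpy(dst + o, rep ? rep : src, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

int main(void) {
    char out[512];
    printf("name allowed: %d\n", layer_name_ok(SAMPLE_LAYER));
    if (xml_escape(SAMPLE_LAYER, out, sizeof out) == 0) puts(out);
    return 0;
}
```

Escaping at the point of output is the fix for the reflection itself; the allowlist only narrows what reaches that point.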