Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An issue was discovered in server.js in TileServer GL The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.