Lucene search
GoogleOSV:GO-2023-1597HistoryMar 02, 2023 - 12:34 a.m.
Cross site scripting in github.com/kitabisa/teler-waf
2023-03-0200:34:19
Google
osv.dev
10
cross site scripting
github
kitabisa/teler-waf
html entities
xss attacks
javascript code
browser
software
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
43.4%
Improper sanitization and filtering of HTML entities in user input can lead to cross-site scripting (XSS) attacks where arbitrary JavaScript code is executed in the browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/kitabisa/teler-waf | lt | 0.1.1 |
Related
cvelist
cvelist
cve
cve
CVE-2023-26046
2023-03-02 01:15:11
osv
osv
CVE-2023-26046
2023-03-02 01:15:11
prion
prion
Cross site scripting
2023-03-02 01:15:00
nvd
nvd
CVE-2023-26046
2023-03-02 01:15:11
veracode
veracode
Cross-site Scripting (XSS)
2023-03-03 10:06:28
github
github
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
43.4%
Related for OSV:GO-2023-1597