3 matches found
CVE-2023-26046
creationtimestamp| type| source ---|---|--- 2023-03-02 07:34:05+00:00| seen| https://t.me/cibsecurity/59306 2025-03-05 21:34:49+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6615...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2023-26046
CVE-2023-26046 affects kitabisa/teler-waf (Go HTTP middleware). Prior to v0.1.1, it fails to properly sanitize HTML entities in user input, enabling bypass of common web attack rules and enabling cross-site scripting (XSS) in a victim’s browser. Impact described across multiple sources includes a...