teler.app is vulnerable to cross-site scripting. The vulnerability exists because the script.js
does not properly escape the user input strings before being rendered on the dashboard, allowing an attacker to inject and execute malicious javascript through the /events
endpoint.
CPE | Name | Operator | Version |
---|---|---|---|
teler.app | eq | v2.0.0-dev | |
teler.app | le | v2.0.0-rc.3 | |
teler.app | eq | v2.0.0-dev | |
teler.app | le | v2.0.0-rc.3 |