github.com/kitabisa/teler-waf is vulnerable to Cross-site Scripting (XSS) attacks. The library does not properly escape and filter HTML entities in user input before it output to the front end, allowing an attacker to inject and execute malicious JavaScript on a victim’s browser, and potentially steal login tokens.