Veracode Vulnerability Database: VERACODE:39501
History: Mar 03, 2023 - 10:06 a.m.

Cross-site Scripting (XSS)

2023-03-03 10:06:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: cross-site scripting, github, vulnerability, user input, html entities, javascript, browser, login tokens, security

EPSS: 0.001 (percentile: 46.8%)

github.com/kitabisa/teler-waf is vulnerable to Cross-site Scripting (XSS) attacks. The library does not properly escape and filter HTML entities in user input before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in a victim's browser and potentially steal login tokens.
