Lucene search
Veracode Vulnerability DatabaseVERACODE:39513HistoryMar 04, 2023 - 8:23 p.m.
Cross-site Scripting (XSS)
2023-03-0420:23:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
github
cross-site scripting
xss
vulnerability
javascript
browser
EPSS
0.001
Percentile
46.7%
github.com/kitabisa/teler-waf is vulnerable to Cross-site Scripting (XSS) attacks. The vulnerability is due to improper sanitization of case sensitive hex characters and CR/LF control characters, allowing an attacker to inject and execute malicious JavaScript on a victim’s browser.
References
github.com/advisories/GHSA-p2pf-g8cq-3gq5
github.com/dwisiswant0/cwa-filter-rules/commit/d818d1645832d1a02cd210c7680e692d2bf4313b
github.com/kitabisa/teler-waf/commit/6e1b0e19b8adc1bbc3513a986025d4adf88d59f8
github.com/kitabisa/teler-waf/releases/tag/v0.2.0
github.com/kitabisa/teler-waf/security/advisories/GHSA-p2pf-g8cq-3gq5
pkg.go.dev/vuln/GO-2023-1600
Related
cve
cve
CVE-2023-26047
2023-03-03 23:15:12
osv
osv
CVE-2023-26047
2023-03-03 23:15:12
teler-waf contains detection rule bypass via Entities payload
2023-03-01 20:37:23
Arbitrary code execution in github.com/kitabisa/teler-waf
2023-03-02 00:34:41
cvelist
cvelist
CVE-2023-26047 teler-waf contains detection rule bypass via entities payload
2023-03-03 22:44:16
prion
prion
Cross site scripting
2023-03-03 23:15:00
github
github
teler-waf contains detection rule bypass via Entities payload
2023-03-01 20:37:23
nvd
nvd
CVE-2023-26047
2023-03-03 23:15:12