CVE-2022-23466

Name of the Vulnerable Software and Affected Versions teler versions prior to 2.0.0-rc.4

Description The teler dashboard is vulnerable to DOM-based cross-site scripting (XSS) when it requests messages from the event stream on the "/events" endpoint, and the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can be exploited if the log contains a DOM scripting payload.

Recommendations For versions prior to 2.0.0-rc.4, upgrade to version v2.0.0-rc.4 or later. As a temporary workaround, consider deactivating the live event dashboard from the configuration file.