CVE-2023-26046

Name of the Vulnerable Software and Affected Versions teler-waf versions prior to 0.1.1

Description The issue exists due to teler-waf's failure to properly sanitize and filter HTML entities in user input, allowing an attacker to bypass common web attack rules and launch cross-site scripting (XSS) attacks. This enables the execution of arbitrary JavaScript code on the victim's browser, compromising the web application's security. An attacker can exploit this to steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser to perform malicious actions.

Recommendations For versions prior to 0.1.1, update to version 0.1.1 to fix the vulnerability. As a temporary workaround, consider implementing additional input validation and sanitization measures to minimize the risk of exploitation. Restrict access to sensitive information and session tokens to prevent unauthorized access.