PT-2024-25540 · Telegram · Telegram Web K

Pedro Batista

·

Published

2024-04-28

·

Updated

2024-07-03

·

CVE-2024-33905

CVSS v3.1

4.6

Medium

Vector AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Telegram WebK versions prior to 2.0.0 (488)
Description: A Cross-Site Scripting (XSS) flaw in Telegram WebK allows attackers to gain full account access, potentially jeopardizing data and cryptowallets. The issue stems from the Mini App system and can be exploited via a malicious Mini Web App using the postMessage "web app open link" event type.
Recommendations: For versions prior to 2.0.0 (488), update the web app to version 2.0.0 (488) or later for protection. As a temporary workaround, consider restricting the use of Mini Web Apps until the update is applied.
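The following is an added example of how a host page can handle the Mini App's "web app open link" postMessage defensively; it is not Telegram WebK's code. It assumes the message carries an object of the shape { eventType, eventData: { url } } (the field names are an assumption) and that the host opens the URL in a new window, so the check is a scheme allow-list applied before anything reaches window.open.

```javascript
// Added example (not Telegram's code): validate the URL carried by a Mini App's
// "web_app_open_link" postMessage before the host opens it. The message shape
// { eventType, eventData: { url } } is an assumption about the bridge format.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns a normalized, allow-listed URL string, or null if it must not be opened.
function validateOpenLinkUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;
  let parsed;
  try {
    parsed = new URL(raw); // relative URLs and malformed strings throw here
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null; // drops javascript:, data:, etc.
  return parsed.href;
}

// Parses one postMessage payload (string or object) from the Mini App frame and
// returns { ok, url, reason }. The frame is third-party content, so nothing in
// the payload is trusted; if expectedSource is given, the sender must match it.
function handleWebAppMessage(event, expectedSource) {
  if (expectedSource && event.source !== expectedSource) {
    return { ok: false, reason: "message not from the Mini App frame" };
  }
  let msg = event.data;
  if (typeof msg === "string") {
    try { msg = JSON.parse(msg); } catch { return { ok: false, reason: "not JSON" }; }
  }
  if (!msg || msg.eventType !== "web_app_open_link") {
    return { ok: false, reason: "unhandled event type" };
  }
  const url = validateOpenLinkUrl(msg.eventData && msg.eventData.url);
  if (url === null) return { ok: false, reason: "url rejected by scheme allow-list" };
  return { ok: true, url };
}

// Host-side wiring: open only allow-listed URLs, in a new browsing context that
// gets no window.opener reference back to the host page.
function openLinkFromMiniApp(event, frameWindow) {
  const result = handleWebAppMessage(event, frameWindow);
  if (result.ok && typeof window !== "undefined") {
    window.open(result.url, "_blank", "noopener,noreferrer");
  }
  return result;
}
```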

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-33905

Affected Products

Telegram Web K