id: GO-2023-1597
modules:
- module: github.com/kitabisa/teler-waf
  versions:
  - fixed: 0.1.1
  vulnerable_at: 0.1.0
  packages:
  - package: github.com/kitabisa/teler-waf
    symbols:
    - Teler.checkCustomRules
    derived_symbols:
    - Teler.Analyze
    - Teler.HandlerFuncWithNext
summary: Cross site scripting in github.com/kitabisa/teler-waf
description: |-
  Improper sanitization and filtering of HTML entities in user input can lead to
  cross-site scripting (XSS) attacks where arbitrary JavaScript code is executed
  in the browser.
cves:
- CVE-2023-26046
ghsas:
- GHSA-9f95-hhg4-pg4f
references:
- fix: https://github.com/kitabisa/teler-waf/commit/d1d49cfddfa3ec2adad962870f14b85cd1aaf739
- web: https://github.com/kitabisa/teler-waf/releases/tag/v0.1.1
- advisory: https://github.com/advisories/GHSA-9f95-hhg4-pg4f
review_status: REVIEWED