| id: GO-2023-1597 |
| modules: |
| - module: github.com/kitabisa/teler-waf |
| versions: |
| - fixed: 0.1.1 |
| vulnerable_at: 0.1.0 |
| packages: |
| - package: github.com/kitabisa/teler-waf |
| symbols: |
| - Teler.checkCustomRules |
| derived_symbols: |
| - Teler.Analyze |
| - Teler.HandlerFuncWithNext |
| summary: Cross site scripting in github.com/kitabisa/teler-waf |
| description: |- |
| Improper sanitization and filtering of HTML entities in user input can lead to |
| cross-site scripting (XSS) attacks where arbitrary JavaScript code is executed |
| in the browser. |
| cves: |
| - CVE-2023-26046 |
| ghsas: |
| - GHSA-9f95-hhg4-pg4f |
| references: |
| - fix: https://github.com/kitabisa/teler-waf/commit/d1d49cfddfa3ec2adad962870f14b85cd1aaf739 |
| - web: https://github.com/kitabisa/teler-waf/releases/tag/v0.1.1 |
| - advisory: https://github.com/advisories/GHSA-9f95-hhg4-pg4f |
| review_status: REVIEWED |