blob: 38549059bbeba920e28785833d4a72bc9e3c0f08 [file] [log] [blame]
id: GO-2023-1597
modules:
- module: github.com/kitabisa/teler-waf
versions:
- fixed: 0.1.1
vulnerable_at: 0.1.0
packages:
- package: github.com/kitabisa/teler-waf
symbols:
- Teler.checkCustomRules
derived_symbols:
- Teler.Analyze
- Teler.HandlerFuncWithNext
summary: Cross site scripting in github.com/kitabisa/teler-waf
description: |-
Improper sanitization and filtering of HTML entities in user input can lead to
cross-site scripting (XSS) attacks where arbitrary JavaScript code is executed
in the browser.
cves:
- CVE-2023-26046
ghsas:
- GHSA-9f95-hhg4-pg4f
references:
- fix: https://github.com/kitabisa/teler-waf/commit/d1d49cfddfa3ec2adad962870f14b85cd1aaf739
- web: https://github.com/kitabisa/teler-waf/releases/tag/v0.1.1
- advisory: https://github.com/advisories/GHSA-9f95-hhg4-pg4f