CVE-2023-26046 (teler-waf)

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can …

application attack attacks browser bypassing code compromise cve entities filter html http ids input javascript middleware payload protect rules security teler ids the web version victim vulnerability vulnerable waf web web application