teler is a real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the `/events` endpoint, the log data displayed on the dashboard is not sanitized. This only affects authenticated users and can only be exploited through detected threats, when the log contains a DOM scripting payload. This vulnerability has been fixed in version `v2.0.0-rc.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| teler.app(Go) | 2.0.0-rc | 2.0.0-rc.4 | N/A |
| teler.app(Go) | 2.0.0-dev | 2.0.0-dev.2 | N/A |
| teler.app(Go) | 0.0.0-20220625162531-2289e90590a9 | 0.0.0-20221203202318-20f59eda2420 | N/A |
| teler.app(Go) | 1.2.3-0.20220625162531-2289e90590a9 | 1.2.3-0.20221203202318-20f59eda2420 | N/A |
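
The flaw class described above, shown as an added example that is not teler's own code: a dashboard row renderer that interpolates event-stream log fields into markup, next to a version that escapes them first. The field names, the `tbody` element and the sample message are assumptions constructed for illustration; only the `/events` endpoint comes from the advisory.

```javascript
// Added example: hypothetical dashboard rendering code, not teler's source.
// The field names below are assumptions made for illustration.
const FIELDS = ["category", "remote_addr", "request_uri"];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Decode one event-stream message; reject anything that is not a JSON object.
function parseEvent(data) {
  let ev;
  try { ev = JSON.parse(data); } catch { return null; }
  if (ev === null || typeof ev !== "object" || Array.isArray(ev)) return null;
  return ev;
}

// Vulnerable pattern: logged request data is interpolated into markup as-is.
function renderRowUnsafe(ev) {
  return `<tr>${FIELDS.map((f) => `<td>${ev[f]}</td>`).join("")}</tr>`;
}

// Hardened pattern: every field is escaped before it becomes markup.
function renderRowSafe(ev) {
  return `<tr>${FIELDS.map((f) => `<td>${escapeHtml(ev[f] ?? "")}</td>`).join("")}</tr>`;
}

// Constructed sample message: the request URI carries markup that was logged verbatim.
const SAMPLE = JSON.stringify({
  category: "Common Web Attack",
  remote_addr: "203.0.113.7",
  request_uri: "/search?q=<img src=x onerror=alert(1)>",
});

// Browser wiring (tbody is an assumed <tbody> element):
//   const source = new EventSource("/events");
//   source.onmessage = (msg) => {
//     const ev = parseEvent(msg.data);
//     if (ev) tbody.insertAdjacentHTML("beforeend", renderRowSafe(ev));
//   };
// Building cells with document.createElement and textContent avoids HTML parsing entirely.
```
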
CVSS Metrics