CVE Catalog

CVE-2026-4772

Medium · CVSS 5.4

Summary

A stored Cross-Site Scripting (XSS) vulnerability has been found in TR7 Cyber Defense Inc. WAF-ASP due to improper input neutralization during web page generation. The issue affects versions from v1.0.324.900 before v1.4.0.117.

Risk Assessment

An attacker can inject a malicious script that executes in other users' browsers, potentially leading to session theft, account takeover, or data leakage.

Recommendation

Immediately update WAF-ASP to version v1.4.0.117 or later, which contains the fix for this vulnerability.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS