CVE-2026-4772
MediumCVSS 5.4Summary
A stored Cross-Site Scripting (XSS) vulnerability has been found in TR7 Cyber Defense Inc. WAF-ASP due to improper input neutralization during web page generation. The issue affects versions from v1.0.324.900 before v1.4.0.117.
Risk Assessment
An attacker can inject a malicious script that executes in other users' browsers, potentially leading to session theft, account takeover, or data leakage.
Recommendation
Immediately update WAF-ASP to version v1.4.0.117 or later, which contains the fix for this vulnerability.
Original NVD description (English source)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

