Telegram WebK vulnerable to XSS via postMessage event
CVE-2024-33905

Currently unrated

Key Information:

Vendor: Telegram

CVE Published: 29 April 2024

What is CVE-2024-33905?

The vulnerability in Telegram WebK prior to version 2.0.0 (488) allows attackers to exploit cross-site scripting (XSS) via a specialized Mini Web App. This security flaw can be triggered using the postMessage web_app_open_link event type, enabling unauthorized access to user sessions and the potential for session hijacking. Users engaging with malicious Mini Web Apps may inadvertently expose their sensitive data, raising serious concerns about privacy and security within the platform.

Timeline

  • Vulnerability published
