Stored XSS Vulnerability in WAF-ASP by TR7 Cyber Defense Inc.
CVE-2026-4772

5.4 MEDIUM

What is CVE-2026-4772?

A stored cross-site scripting (XSS) vulnerability exists in WAF-ASP by TR7 Cyber Defense Inc. This issue arises from improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts that can be executed when users access affected pages. This vulnerability impacts versions from 1.0.324.900 to 1.4.0.117, posing a significant risk to web applications utilizing this firewall.

Affected Version(s)

WAF-ASP v1.0.324.900

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Serhat YAPICI