Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Authenticated (PR:L) DOM-XSS requiring victim browser interaction (UI:R); network-reachable management UI; low and symmetrical C/I impact; no availability or scope change.
Primary rating from Vendor (TR-CERT).
CVSS VectorVendor: TR-CERT
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS.
This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117.
AnalysisAI
DOM-Based cross-site scripting in TR7 Cyber Defense Inc.'s WAF-ASP product allows an authenticated low-privilege attacker to inject malicious JavaScript that executes in the browser of any user who interacts with a crafted page within the WAF's web interface. Affected versions span v1.0.42.239 through versions prior to v1.4.0.117. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an attacker to hold authenticated low-privilege access to the TR7 WAF-ASP web management interface (PR:L per CVSS vector), meaning valid credentials are a hard prerequisite. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) scores 4.6 (Medium), and this assessment aligns with the realistic risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege credentials for the TR7 WAF-ASP web interface crafts a URL or page input containing a malicious JavaScript payload exploiting a DOM sink in the management UI. The attacker then social-engineers a higher-privileged administrator into clicking the link or navigating to the crafted page; the victim's browser executes the attacker's script in the context of the WAF management session, potentially enabling session token theft or unauthorized configuration changes within the WAF. |
| Remediation | Upgrade TR7 WAF-ASP to version v1.4.0.117 or later, which is the confirmed fix version per the CVE description. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Authentication abuse in TR7 Cyber Defense WAF-ASP (versions v1.0.324.900 through v1.4.0.116) lets remote unauthenticated
Stored XSS in TR7 Cyber Defense Inc.'s WAF-ASP web application firewall permits authenticated low-privilege attackers to
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41369
GHSA-w8ww-7f32-x6g5