Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Network-delivered stored XSS requiring a low-privilege authenticated write and victim page-view; scope change reflects payload executing in the victim's browser security context.
Primary rating from Vendor (TR-CERT).
CVSS VectorVendor: TR-CERT
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS.
This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.
AnalysisAI
Stored XSS in TR7 Cyber Defense Inc.'s WAF-ASP web application firewall permits authenticated low-privilege attackers to inject persistent malicious scripts that execute in the browsers of other users - including administrators - who later view the affected page. Versions from v1.0.324.900 up to but not including v1.4.0.117 are confirmed affected. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid WAF-ASP account with at least low-privilege write access to an input field that is stored and subsequently rendered to other users (PR:L per CVSS). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-assigned CVSS 3.1 score of 5.4 (Medium) reflects a network-reachable (AV:N), low-complexity (AC:L), low-privilege (PR:L), user-interaction-required (UI:R), scope-changed (S:C), low-confidentiality and low-integrity impact flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privilege WAF-ASP account injects a crafted JavaScript payload - such as a cookie-stealing script or a CSRF-triggering request - into a stored input field within the management interface (for example, a rule name, comment, or log annotation). When an administrator subsequently navigates to the page that renders this stored content, the script silently executes in the administrator's browser, exfiltrating their session token to an attacker-controlled endpoint. … |
| Remediation | Upgrade WAF-ASP to v1.4.0.117 or later, which is the vendor-released patch version confirmed by the TR-CERT advisory at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0487. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Authentication abuse in TR7 Cyber Defense WAF-ASP (versions v1.0.324.900 through v1.4.0.116) lets remote unauthenticated
DOM-Based cross-site scripting in TR7 Cyber Defense Inc.'s WAF-ASP product allows an authenticated low-privilege attacke
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41370
GHSA-887m-hc2v-7mwj