Skip to main content

WAF-ASP CVE-2026-4772

| EUVDEUVD-2026-41370 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-02 TR-CERT GHSA-887m-hc2v-7mwj
5.4
CVSS 3.1 · Vendor: TR-CERT
Share

Severity by source

Vendor (TR-CERT) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

Network-delivered stored XSS requiring a low-privilege authenticated write and victim page-view; scope change reflects payload executing in the victim's browser security context.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorVendor: TR-CERT

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 13:16 vuln.today

DescriptionCVE.org

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS.

This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

AnalysisAI

Stored XSS in TR7 Cyber Defense Inc.'s WAF-ASP web application firewall permits authenticated low-privilege attackers to inject persistent malicious scripts that execute in the browsers of other users - including administrators - who later view the affected page. Versions from v1.0.324.900 up to but not including v1.4.0.117 are confirmed affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege WAF-ASP credentials
Delivery
Inject stored XSS payload into writable management interface field
Exploit
Victim administrator views affected page
Execution
Payload executes in admin browser context
Impact
Exfiltrate session token or perform privileged action

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid WAF-ASP account with at least low-privilege write access to an input field that is stored and subsequently rendered to other users (PR:L per CVSS). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 5.4 (Medium) reflects a network-reachable (AV:N), low-complexity (AC:L), low-privilege (PR:L), user-interaction-required (UI:R), scope-changed (S:C), low-confidentiality and low-integrity impact flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privilege WAF-ASP account injects a crafted JavaScript payload - such as a cookie-stealing script or a CSRF-triggering request - into a stored input field within the management interface (for example, a rule name, comment, or log annotation). When an administrator subsequently navigates to the page that renders this stored content, the script silently executes in the administrator's browser, exfiltrating their session token to an attacker-controlled endpoint. …
Remediation Upgrade WAF-ASP to v1.4.0.117 or later, which is the vendor-released patch version confirmed by the TR-CERT advisory at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0487. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-4772 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy