DOM-based cross-site scripting (XSS) in teler dashboard
Description
teler is a real-time intrusion detection and threat alert dashboard. Versions of teler prior to 2.0.0-rc.4 are vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard is not sanitized. This only affects authenticated users, and it can only be exploited through detected threats, when the log contains a DOM scripting payload. This vulnerability has been fixed in version v2.0.0-rc.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| teler.app (Go) | >= 2.0.0-rc, < 2.0.0-rc.4 | 2.0.0-rc.4 |
| teler.app (Go) | >= 2.0.0-dev, < 2.0.0-dev.2 | 2.0.0-dev.2 |
| teler.app (Go) | >= 0.0.0-20220625162531-2289e90590a9, < 0.0.0-20221203202318-20f59eda2420 | 0.0.0-20221203202318-20f59eda2420 |
| teler.app (Go) | >= 1.2.3-0.20220625162531-2289e90590a9, < 1.2.3-0.20221203202318-20f59eda2420 | 1.2.3-0.20221203202318-20f59eda2420 |
References
- github.com/advisories/GHSA-xr7p-8q82-878q
- nvd.nist.gov/vuln/detail/CVE-2022-23466
- github.com/kitabisa/teler/commit/20f59eda2420ac64e29f199a61230a0abc875e8e
- github.com/kitabisa/teler/security/advisories/GHSA-xr7p-8q82-878q