Telegram Web
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-43363 | 0.00 | — | 0.00 | Dec 6, 2022 | Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding. | |||
| CVE-2021-40532 | 0.00 | — | 0.01 | Sep 6, 2021 | Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension. | |||
| CVE-2018-20436 | 0.00 | — | 0.02 | Dec 24, 2018 | The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also… |
- CVE-2022-43363Dec 6, 2022risk 0.00cvss —epss 0.00
Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding.
- CVE-2021-40532Sep 6, 2021risk 0.00cvss —epss 0.01
Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.
- CVE-2018-20436Dec 24, 2018risk 0.00cvss —epss 0.02
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also…