CVE Catalog

CVE-2026-4770

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Summary

A DOM-Based XSS vulnerability was found in TR7 Cyber Defense Inc. Web Application Firewall due to improper input neutralization during page generation. It affects versions from 1.0.42.239 before 1.4.0.117.

Risk Assessment

An attacker can inject a malicious client-side script, potentially leading to session theft, account takeover, or data leakage.

Recommendation

Immediately update the Web Application Firewall to version 1.4.0.117 or later, which includes the fix for this vulnerability.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS