Description
In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
No history.
Subscriptions
No data.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-02T02:42:59.741Z
Reserved: 2024-04-29T00:00:00.000Z
Link: CVE-2024-33905
Updated: 2024-08-02T02:42:59.741Z
Status : Deferred
Published: 2024-04-29T06:15:17.667
Modified: 2026-06-17T07:32:32.730
Link: CVE-2024-33905
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')