
CVE-2024-38789 – WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-38789
20 Jul 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery. This issue affects Telegram Bot & Channel: from n/a through 3.8.2. The Telegram Bot & Channel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they ca... • https://patchstack.com/database/wordpress/plugin/telegram-bot/vulnerability/wordpress-telegram-bot-channel-plugin-3-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-34658
https://notcve.org/view.php?id=CVE-2023-34658
29 Jun 2023 — Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. • https://crsrg.sh/crsrg-2308101 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2023-34006 – WordPress Telegram Bot & Channel Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-34006
29 May 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions. The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a us... • https://patchstack.com/database/vulnerability/telegram-bot/wordpress-telegram-bot-channel-plugin-3-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-26818 – Telegram on macOS TCC Bypass
https://notcve.org/view.php?id=CVE-2023-26818
16 May 2023 — Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag. • https://packetstorm.news/files/id/172396 • CWE-863: Incorrect Authorization •

CVE-2022-43363
https://notcve.org/view.php?id=CVE-2022-43363
06 Dec 2022 — Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding. ** DISPUTED ** • https://bugs.telegram.org/c/17831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-41861
https://notcve.org/view.php?id=CVE-2021-41861
04 Oct 2021 — The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. • https://desktop.telegram.org/changelog#v-2-6-23-02-21 •

CVE-2021-40532
https://notcve.org/view.php?id=CVE-2021-40532
06 Sep 2021 — Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension. • https://github.com/morethanwords/tweb/commit/f224e459c36eb96b2cf9dba559a48b1f08d23330 •

CVE-2021-37596
https://notcve.org/view.php?id=CVE-2021-37596
27 Jul 2021 — Telegram Web K Alpha 0.6.1 allows XSS via a document name. • https://github.com/morethanwords/tweb/commit/11d2fe01363889f20c8baa2217ed4aad445c5551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-36769
https://notcve.org/view.php?id=CVE-2021-36769
16 Jul 2021 — A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent by a client. • https://mtpsym.github.io •

CVE-2021-31315
https://notcve.org/view.php?id=CVE-2021-31315
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker. • https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow • CWE-787: Out-of-bounds Write •