3 matches found
CVE-2024-0435 User can submit message to self-XSS
User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS rende...
CVE-2024-0435
CVE-2024-0435 describes a self-targeted cross-site scripting (XSS) flaw in a chat feature. The vulnerability allows a user to inject XSS payloads into a chat message that executes when the message is sent and on subsequent page loads. According to the sources, exploitation requires the user to ha...
CVE-2024-0435 User can submit message to self-XSS
User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS rende...