Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.7 views

CVE-2024-2435

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

4.3CVSS4.3AI score0.00394EPSS
Exploits0References1
Chainguard
Chainguard
added 2024/04/02 5:15 p.m.29 views

CVE-2024-2435 vulnerabilities

Vulnerabilities for packages: temporal, temporal-fips...

4.3CVSS6.1AI score0.00394EPSS
Exploits0
Cvelist
Cvelist
added 2024/04/02 4:40 p.m.36 views

CVE-2024-2435 Stored XSS in Timeline View

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

4.3CVSS4.6AI score0.00394EPSS
Exploits0References1
CVE
CVE
added 2024/04/02 4:40 p.m.316 views

CVE-2024-2435

This CVE affects Temporal UI Server (github.com/temporalio/ui-server). The vulnerability is an XSS in the timeline page that displays workflow execution details, triggered when an attacker sends a signal to a workflow with a crafted signal name. The root cause is insufficient sanitization of the ...

4.3CVSS4.2AI score0.00394EPSS
Exploits0References1
OSV
OSV
added 2024/04/02 4:40 p.m.6 views

CVE-2024-2435 Stored XSS in Timeline View

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

4.3CVSS6.1AI score0.00394EPSS
Exploits0References5
Rows per page
Query Builder