5 matches found
CVE-2024-2435
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...
CVE-2024-2435 vulnerabilities
Vulnerabilities for packages: temporal, temporal-fips...
CVE-2024-2435 Stored XSS in Timeline View
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...
CVE-2024-2435
This CVE affects Temporal UI Server (github.com/temporalio/ui-server). The vulnerability is an XSS in the timeline page that displays workflow execution details, triggered when an attacker sends a signal to a workflow with a crafted signal name. The root cause is insufficient sanitization of the ...
CVE-2024-2435 Stored XSS in Timeline View
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...