PT-2024-15559 · Git+2 · Anything-Llm+1

Published: 2024-02-25 · Updated: 2025-02-25 · CVE-2024-0435

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.

Description: The issue allows a user to send a chat message containing an XSS payload, which executes when the chat is sent and again on subsequent page loads. The risk is considered low because the minimum requirement for a user to send a chat is to be granted access to a workspace by an admin. Additionally, the location where the XSS renders is visible only to the user who submitted it, effectively limiting the attack to a user attacking themselves. There is no anonymous chat submission unless the user running the instance fails to take the minimum steps required to protect it.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-0435

Affected Products: Anything-Llm (Mintplex-Labs/Anything-Llm)