How severe is CVE-2024-0435?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-0435?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-0435 - HIGH Severity | CVSS 8.1

Vulnerability Description

User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS renders is only limited to the user who submits the XSS. Ultimately, this attack is limited to the user attacking themselves. There is no anonymous chat submission unless the user does not take the minimum steps required to protect their instance.

Related Vulnerabilities

CVE-2017-8899

HIGH

CVSS:8.1(High)

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by...

CWE-792017

CVE-2019-10905

HIGH

CVSS:8.1(High)

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the c...

CWE-792019

CVE-2019-11215

HIGH

CVSS:8.1(High)

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many con...

CWE-792019

CVE-2019-17337

HIGH

CVSS:8.1(High)

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker t...

CWE-792019

CVE-2019-19821

HIGH

CVSS:8.1(High)

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not ...

CWE-792019

CVE-2020-15273

HIGH

CVSS:8.1(High)

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registrat...

CWE-792020