6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.0%
One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.
[
{
"vendor": "Palantir",
"product": "com.palantir.acme.gaia:gaia",
"versions": [
{
"versionType": "semver",
"version": "100.240108.11",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.240203.6",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.230807.13",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.240205.0-12-gf415217",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.231108.82",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.231009.47",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.240202.9",
"lessThan": "*",
"status": "unaffected"
}
]
}
]