Lucene search
PalantirCVELIST:CVE-2023-30968HistoryMar 12, 2024 - 7:39 p.m.
CVE-2023-30968 Stored XSS in gaia
2024-03-1219:39:24
CWE-434
Palantir
www.cve.org
cve-2023-30968
stored xss
cross-site scripting
gaia
gotham
csp
payload
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.0%
One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.
CNA Affected
[
{
"vendor": "Palantir",
"product": "com.palantir.acme.gaia:gaia",
"versions": [
{
"versionType": "semver",
"version": "100.240108.11",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.240203.6",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.230807.13",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.240205.0-12-gf415217",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.231108.82",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.231009.47",
"lessThan": "*",
"status": "unaffected"
},
{
"versionType": "semver",
"version": "100.240202.9",
"lessThan": "*",
"status": "unaffected"
}
]
}
]Related
nvd
nvd
CVE-2023-30968
2024-03-12 20:15:07
prion
prion
Cross site scripting
2024-03-12 20:15:00
cve
cve
CVE-2023-30968
2024-03-12 20:15:07
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.0%
Related for CVELIST:CVE-2023-30968