CVE-2023-30962
6.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Summary
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palantir | com.palantir.acme.cerberus:cerberus | * < 100.230704.0-27-g031dd58 | affected |
Weaknesses
- CWE-434: The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.