{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-30962","assignerOrgId":"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4","state":"PUBLISHED","assignerShortName":"Palantir","dateReserved":"2023-04-21T11:25:51.028Z","datePublished":"2023-09-12T18:29:42.065Z","dateUpdated":"2024-09-25T15:23:04.176Z"},"containers":{"cna":{"providerMetadata":{"orgId":"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4","shortName":"Palantir","dateUpdated":"2023-09-12T18:29:42.065Z"},"title":"Stored XSS in cerberus attachments","affected":[{"vendor":"Palantir","product":"com.palantir.acme.cerberus:cerberus","versions":[{"version":"*","versionType":"semver","lessThan":"100.230704.0-27-g031dd58","status":"affected"}]}],"descriptions":[{"lang":"en","value":"The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58."}],"impacts":[{"capecId":"CAPEC-592","descriptions":[{"lang":"en","value":"An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently \"stored\" within the data storage of a vulnerable web application as valid input."}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.","lang":"en","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N","baseSeverity":"MEDIUM","baseScore":6.8},"format":"CVSS"}],"references":[{"url":"https://palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0"}],"source":{"discovery":"INTERNAL","defect":["PLTRSEC-2023-29"]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T14:45:24.249Z"},"title":"CVE Program Container","references":[{"url":"https://palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-25T15:01:25.276014Z","id":"CVE-2023-30962","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-25T15:23:04.176Z"}}]}}