The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .
Metrics
CVSS Version: 3.1 |
Base Score: 6.8 MEDIUM Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CWE-ID: CWE-434 CWE Name: The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product
s environment. Source: Palantir
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID: CAPEC-592 CAPEC Description: An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently "stored" within the data storage of a vulnerable web application as valid input.