CVE-2023-30968 MEDIUM

CVE-2023-30968: Stored XSS in gaia

Weakness CWE-434 · Unrestricted file upload
Published March 12, 2024
Last update August 21, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.

Key dates

02Disclosure timeline

March 12, 2024 CVE published
August 21, 2024 Record updated