CVE-2023-30968

MEDIUM

Gotham Gaia - XSS

Title source: llm

Description

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.

References (1)

Core 1

Core References

Various Sources

https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb

Scores

CVSS v3 6.8

EPSS 0.0010

EPSS Percentile 27.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (7)

Palantir/com.palantir.acme.gaia:gaia 100.230807.13

Palantir/com.palantir.acme.gaia:gaia 100.231009.47

Palantir/com.palantir.acme.gaia:gaia 100.231108.82

Palantir/com.palantir.acme.gaia:gaia 100.240108.11

Palantir/com.palantir.acme.gaia:gaia 100.240202.9

Palantir/com.palantir.acme.gaia:gaia 100.240203.6

Palantir/com.palantir.acme.gaia:gaia 100.240205.0-12-gf415217

Published Mar 12, 2024

Tracked Since Feb 18, 2026