CVE-2023-30962 – Stored XSS in cerberus attachments

https://notcve.org/view.php?id=CVE-2023-30962

The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 . Se descubrió que el servicio Gotham Cerberus tenía una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que podría haber permitido a un atacante con acceso a Gotham lanzar ataques contra otros usuarios. Esta vulnerabilidad se resuelve en Cerberus 100.230704.0-27-g031dd58. • https://palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •