From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Lightdash - Stored Cross-Site Scripting 2. Vulnerability Severity: High 3. Vulnerability Description: Multiple stored cross-site scripting (XSS) vulnerabilities exist in the markdown dashboard and dashboard comments functionality of Lightdash version 0.1024.6. Remote authenticated threat actors can inject malicious scripts, which execute in the context of user sessions. 4. Affected Scope: Lightdash version 0.1024.6. 5. Fixed Version: 0.1042.2. 6. Exploitation Methods: - Markdown Dashboard: By editing a dashboard and inserting a malicious payload, then saving and viewing the dashboard. - Dashboard Comments: By using the dashboard comments feature to add a new comment and inserting a malicious payload within the comment. 7. Exploitation Steps: - Markdown Dashboard: Log in, create a dashboard, edit it, insert the payload, save, and view. - Dashboard Comments: Log in, add a comment, insert the payload, save, and view. 8. Exploitation Example: Demonstrates how to store an XSS payload via an HTTP request. 9. Further Analysis: Threat actors require administrator or editor privileges to exploit the vulnerability. Successful exploitation depends on users accessing the affected pages. 10. Vendor Analysis: The vendor identified the root cause as script execution within the markdown and comments components. The issue was fixed in version 0.1042.2. 11. Patch Information: Two patches were applied, one for markdown tiles and another for comments. 12. Timeline: Report Date: March 7, 2024; Fix Date: March 26, 2024; Disclosure Date: August 30, 2024. This information provides a detailed overview of the stored XSS vulnerability in Lightdash, including exploitation methods, remediation steps, and timeline.