CVE-2023-30963

EPSS 0.3%
Veröffentlicht 10.07.2023 22:15:09
Zuletzt bearbeitet 21.11.2024 08:01:10
Quelle cve-coordination@palantir.com
CVE-Watchlists
Login
Unerledigt
Login

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Palantir ≫ Foundry Frontend Version < 6.229.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.525

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cve-coordination@palantir.com	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE-82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page

The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.

https://palantir.safebase.us/?tcuUid=3c6b63b7-fb67-4202-a94a-9c83515efb8a

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-30963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30963

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-30963