CVE-2023-30958 MEDIUM

CVE-2023-30958: DOM XSS in Developer mode dashboard via redirect GET parameter

Vendor Palantir
Product com.palantir.foundry:foundry-frontend
Weakness CWE-83
Published August 3, 2023
Last update October 9, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.

Key dates

02Disclosure timeline

August 3, 2023 CVE published
October 9, 2024 Record updated