CVE-2023-30963 MEDIUM

CVE-2023-30963: Stored XSS in Foundry Slate Query Dropdown menu

Vendor Palantir
Product com.palantir.foundry:foundry-frontend
Weakness CWE-82
Published July 10, 2023
Last update October 21, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Key dates

02Disclosure timeline

July 10, 2023 CVE published
October 21, 2024 Record updated