CVE-2023-30963: Stored XSS in Foundry Slate Query Dropdown menu
First published: Mon Jul 10 2023(Updated: )
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Credit: cve-coordination@palantir.com cve-coordination@palantir.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palantir Foundry Frontend | <6.229.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this security defect in Foundry Frontend?
The vulnerability ID is CVE-2023-30963.
What is the severity of CVE-2023-30963?
The severity of CVE-2023-30963 is medium with a severity value of 5.4.
What is the affected software of CVE-2023-30963?
The affected software is Palantir Foundry Frontend with versions up to 6.229.0.
How can I fix CVE-2023-30963?
To fix CVE-2023-30963, update Foundry Frontend to version 6.229.0 or higher.
Where can I find more information about CVE-2023-30963?
You can find more information about CVE-2023-30963 at the following link: [CVE-2023-30963](https://palantir.safebase.us/?tcuUid=3c6b63b7-fb67-4202-a94a-9c83515efb8a)
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/description
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/palantir
- canonical/palantir foundry frontend