Foundry Frontend DOM XSS before v6.225.0
CVE-2023-30958 Published on August 3, 2023
DOM XSS in Developer mode dashboard via redirect GET parameter
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.
This defect was resolved with the release of Foundry Frontend 6.225.0.
Weakness Type
Improper Neutralization of Script in Attributes in a Web Page
The software does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.
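A generic mitigation for this class of defect (a `redirect` GET parameter that reaches a navigation sink) is sketched below as an added example; it is not Palantir's code and does not reproduce the Foundry fix. The origin `https://app.example`, the fallback path `/` and the function name `safeRedirectTarget` are assumptions made for illustration.

```javascript
// Added example: validate a `redirect` query parameter before navigating.
// Generic defensive pattern, not Foundry's implementation.
const FALLBACK = "/"; // assumed safe landing page

// Returns a same-origin path to navigate to, or FALLBACK if the value is
// missing, unparsable, uses a non-http(s) scheme, or points off-origin.
function safeRedirectTarget(queryString, appOrigin) {
  const raw = new URLSearchParams(queryString).get("redirect");
  if (raw === null || raw === "") return FALLBACK;

  let url;
  try {
    // The WHATWG parser strips tabs/newlines and treats "\" as "/" for
    // http(s), so the checks below see what the browser would act on.
    url = new URL(raw, appOrigin);
  } catch {
    return FALLBACK;
  }

  // Rejects javascript:, data:, vbscript: and any other scheme.
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK;

  // Rejects protocol-relative ("//host") and absolute off-site targets.
  if (url.origin !== new URL(appOrigin).origin) return FALLBACK;

  // Hand back only path, query and fragment, never a full URL.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs (not taken from the advisory).
const samples = [
  "?redirect=%2Fworkspace%2Fhome%3Ftab%3D1",
  "?redirect=javascript:alert(1)",
  "?redirect=%2F%2Fevil.example%2Fx",
  "?redirect=java%09script:alert(1)",
];
for (const q of samples) {
  console.log(q, "->", safeRedirectTarget(q, "https://app.example"));
}
```

In a browser the result would be passed to `location.assign()`; validating at the sink this way does not depend on CSP holding.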
Products Associated with CVE-2023-30958
Affected Versions
com.palantir.foundry:foundry-frontend: all versions below 6.225.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.