{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-30958", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "state": "PUBLISHED", "assignerShortName": "Palantir", "dateReserved": "2023-04-21T11:25:51.028Z", "datePublished": "2023-08-03T21:09:10.026Z", "dateUpdated": "2023-08-03T21:09:10.026Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2023-08-03T21:09:10.026Z"}, "title": "DOM XSS in Developer mode dashboard via redirect GET parameter", "affected": [{"vendor": "Palantir", "product": "com.palantir.foundry:foundry-frontend", "versions": [{"version": "*", "versionType": "semver", "lessThan": "6.225.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.\n\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\n\n"}], "impacts": [{"capecId": "CAPEC-588", "descriptions": [{"lang": "en", "value": "This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Content served by a vulnerable web application includes script code used to manipulate the Document Object Model (DOM). This script code either does not properly validate input, or does not perform proper output encoding, thus creating an opportunity for an adversary to inject a malicious script launch a XSS attack. A key distinction between other XSS attacks and DOM-based attacks is that in other XSS attacks, the malicious script runs when the vulnerable web page is initially loaded, while a DOM-based attack executes sometime after the page loads. Another distinction of DOM-based attacks is that in some cases, the malicious script is never sent to the vulnerable web server at all. An attack like this is guaranteed to bypass any server-side filtering attempts to protect users."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-83", "description": "The product does not neutralize or incorrectly neutralizes \"javascript:\" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.", "lang": "en", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "baseSeverity": "MEDIUM", "baseScore": 4.7}, "format": "CVSS"}], "references": [{"url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b"}], "source": {"discovery": "EXTERNAL", "defect": ["PLTRSEC-2023-27"]}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A394572-A4EE-403D-B924-38DBE3F42E9B", "versionEndExcluding": "6.225.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.\n\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\n\n"}], "id": "CVE-2023-30958", "lastModified": "2023-11-07T04:14:08.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve-coordination@palantir.com", "type": "Secondary"}]}, "published": "2023-08-03T22:15:12.170", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Vendor Advisory"], "url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-83"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}]}

{}