In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
References
Link | Resource |
---|---|
https://palantir.safebase.us/?tcuUid=4c257f07-58af-4532-892a-bdbe8ab3ec63 | Third Party Advisory |
Configurations
History
27 Sep 2023, 18:45
Type | Values Removed | Values Added |
---|---|---|
First Time |
Palantir
Palantir apollo Autopilot |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-79 | |
CPE | cpe:2.3:a:palantir:apollo_autopilot:*:*:*:*:*:*:*:* | |
References | (MISC) https://palantir.safebase.us/?tcuUid=4c257f07-58af-4532-892a-bdbe8ab3ec63 - Third Party Advisory |
27 Sep 2023, 15:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-27 15:18
Updated : 2024-02-28 20:33
NVD link : CVE-2023-30959
Mitre link : CVE-2023-30959
CVE.ORG link : CVE-2023-30959
JSON object : View
Products Affected
palantir
- apollo_autopilot