Lucene search
K

71 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in slate-liquid-asset-loader (npm)

The package slate-liquid-asset-loader was found to contain malicious code...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:17 a.m.5 views

CVE-2023-30963

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

5.4CVSS6.1AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:44 a.m.6 views

CVE-2023-30949

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...

5.3CVSS6.8AI score0.00176EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/15 9:13 p.m.4 views

Malicious code in rich-text-slate-rc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1974a05b4def032650d8412ad77b9ee7b6e530942c4a3ccb90e9c07d5b58830a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/11/15 9:13 p.m.4 views

MAL-2024-10780 Malicious code in rich-text-slate-rc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1974a05b4def032650d8412ad77b9ee7b6e530942c4a3ccb90e9c07d5b58830a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/20 7:4 p.m.16 views

CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...

8.3CVSS5.9AI score0.00515EPSS
Exploits0References3
CVE
CVE
added 2024/09/20 7:4 p.m.76 views

CVE-2024-47061

The CVE-2024-47061 issue affects Plate editors using @udecode/plate-core, where arbitrary DOM attributes can be injected via nodeProps (often from the attributes property), enabling cross-site scripting (XSS) and potential information exposure (e.g., user IPs and whether a malicious document is o...

8.3CVSS7.8AI score0.00515EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:44 p.m.5 views

Malicious code in grafana__slate-react (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 12:44 p.m.7 views

MAL-2024-2434 Malicious code in grafana__slate-react (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
added 2023/07/26 6:15 p.m.3 views

CVE-2023-30949

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References1
Prion
Prion
added 2023/07/26 6:15 p.m.31 views

Input validation

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...

5CVSS5.2AI score0.00176EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/07/26 5:35 p.m.20 views

CVE-2023-30949 CVE-2023-30949

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/26 5:35 p.m.14 views

CVE-2023-30949 CVE-2023-30949

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...

4.3CVSS6.8AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2023/07/26 5:35 p.m.56 views

CVE-2023-30949

CVE-2023-30949 affects Slate before version 6.207.0, tied to a missing origin validation in the Slate sandbox that could allow a malicious user to modify page content, enabling phishing. The vulnerability stems from sandbox origin checks and, per multiple sources, impacts Slate’s WYSIWYG web app ...

5.3CVSS4.8AI score0.00176EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.4 views

PT-2023-23079 · Slate · Slate

Name of the Vulnerable Software and Affected Versions: Slate affected versions not specified Description: A missing origin validation in the Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. Recommendations: At the moment, the...

5.3CVSS5.1AI score0.00176EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.3 views

Slate 访问控制错误漏洞

slate is an extensible WYSIWYG web application from slate for quickly creating interactive, data-driven web pages. A security vulnerability exists in Slate versions prior to 6.207.0, which stems from a lack of source validation in the sandbox that could be exploited by a malicious user to modify...

5.3CVSS5.7AI score0.00176EPSS
Exploits0References2
NVD
NVD
added 2023/07/10 10:15 p.m.17 views

CVE-2023-30963

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

5.4CVSS5.3AI score0.0033EPSS
Exploits0References1
OSV
OSV
added 2023/07/10 10:15 p.m.2 views

CVE-2023-30963

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

5.4CVSS5.8AI score0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/10 9:4 p.m.14 views

CVE-2023-30963 Stored XSS in Foundry Slate Query Dropdown menu

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

5.4CVSS6AI score0.0033EPSS
Exploits0References1
CVE
CVE
added 2023/07/10 9:4 p.m.46 views

CVE-2023-30963

CVE-2023-30963 describes a Stored XSS vulnerability in Palantir Foundry Frontend (Slate component) that could be exploited if CSP protections were bypassed. Affected software is Foundry Frontend; the root cause is an XSS weakness in Slate dropdown handling when CSP is not properly enforced. The v...

5.4CVSS5.3AI score0.0033EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder