EUVD-2023-35301

Malicious code in bioql PyPI...

EUVD-2023-35296

Malicious code in bioql PyPI...

CVE-2023-30963

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

CVE-2023-30958

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

CVE-2023-30958

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

CVE-2023-30958

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

Design/Logic Flaw

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

CVE-2023-30958 DOM XSS in Developer mode dashboard via redirect GET parameter

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

CVE-2023-30958

CVE-2023-30958: Foundry Frontend is affected by a DOM-based XSS vulnerability in the Developer mode dashboard (via redirect GET parameter) that could occur if CSP is bypassed. Root cause involves DOM XSS conditions when CSP protections are bypassed. The issue is resolved in Foundry Frontend 6.225...

CVE-2023-30958 DOM XSS in Developer mode dashboard via redirect GET parameter

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

PT-2023-23086 · Foundry · Foundry Frontend

Name of the Vulnerable Software and Affected Versions: Foundry Frontend versions prior to 6.225.0 Description: A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's Content Security Policy CSP were to be bypassed...

Foundry Frontend Cross-Site Scripting Vulnerability

Foundry Frontend is an application from Foundry, Inc. A security vulnerability exists in Foundry Frontend that stems from a vulnerability that allows an attacker to bypass Foundry's CSP and conduct DOM-type cross-site scripting XSS attacks...

CVE-2023-30963

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

CVE-2023-30963

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

Cross site scripting

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

CVE-2023-22835

A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Found...

CVE-2023-22835

A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Found...

Code injection

A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Found...

CVE-2023-30963 Stored XSS in Foundry Slate Query Dropdown menu

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

CVE-2023-30963

CVE-2023-30963 describes a Stored XSS vulnerability in Palantir Foundry Frontend (Slate component) that could be exploited if CSP protections were bypassed. Affected software is Foundry Frontend; the root cause is an XSS weakness in Slate dropdown handling when CSP is not properly enforced. The v...