CVE-2023-30949

Summary

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.slate:slate* < 6.207.0affected

Weaknesses

  • CWE-1173: The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References