cve/2023/CVE-2023-30949.md

### [CVE-2023-30949](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30949)
![](https://img.shields.io/static/v1?label=Product&message=com.palantir.slate%3Aslate&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%206.207.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20product%20does%20not%20use%2C%20or%20incorrectly%20uses%2C%20an%20input%20validation%20framework%20that%20is%20provided%20by%20the%20source%20language%20or%20an%20independent%20library.&color=brighgreen)

### Description

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.

### POC

#### Reference
- https://palantir.safebase.us/?tcuUid=bbc1772c-e10a-45cc-b89f-48cc1a8b2cfc

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-30949](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30949)`
			`![](https://img.shields.io/static/v1?label=Product&message=com.palantir.slate%3Aslate&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=*%3C%206.207.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20product%20does%20not%20use%2C%20or%20incorrectly%20uses%2C%20an%20input%20validation%20framework%20that%20is%20provided%20by%20the%20source%20language%20or%20an%20independent%20library.&color=brighgreen)`

			`### Description`

			`A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.`

			`### POC`

			`#### Reference`
			`- https://palantir.safebase.us/?tcuUid=bbc1772c-e10a-45cc-b89f-48cc1a8b2cfc`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`