Unrated severityNVD Advisory· Published Sep 26, 2023· Updated Sep 24, 2024

Stored XSS via javascript URI in Apollo Change Requests comment

CVE-2023-30959

Description

In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.

Affected products

Palace/Com.palantir.apollo:autopilotv5
Range: *

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

palantir.safebase.usmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000