PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

CVE-2023-0007
6.5MEDIUM

Key Information

Status
Pan-os
Prisma Access
Cloud Ngfw
Vendor
CVE Published:
10 May 2023

Badges

👾 Exploit Exists

Summary

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.

Affected Version(s)

PAN-OS < 10.0.7

PAN-OS < 9.1.16

PAN-OS < 9.0.17

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • Risk change from: 4.8 to: 6.5 - (MEDIUM)

  • Initial publication

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Colin McQueen
.