PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
CVE-2023-0007
6.5MEDIUM
Key Information
- Vendor
- Palo Alto Networks
- Status
- Pan-os
- Prisma Access
- Cloud Ngfw
- Vendor
- CVE Published:
- 10 May 2023
Badges
👾 Exploit Exists
Summary
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.
Affected Version(s)
PAN-OS < 10.0.7
PAN-OS < 9.1.16
PAN-OS < 9.0.17
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit exists.
Risk change from: 4.8 to: 6.5 - (MEDIUM)
Initial publication
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Colin McQueen