PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

CVE-2023-6789

4.3MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: PAN-OS; Prisma Access; Cloud NGFW
Vendor: CVE Published:; 13 December 2023

Summary

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.

Affected Version(s)

PAN-OS < 8.1.26

PAN-OS < 9.0.17-h4

PAN-OS < 9.1.17

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability Reserved.
Dec 13, 2023
Vulnerability published.
Dec 13, 2023

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Md Sameull Islam of Beetles Cyber Security LTD, Kajetan Rostojek, and an external reporter for discovering and reporting this issue.