PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

CVE-2023-6789

4.3MEDIUM

Key Information

Status
PAN-OS
Prisma Access
Cloud NGFW
Vendor
CVE Published:
13 December 2023

Summary

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.

Affected Version(s)

PAN-OS < 8.1.26

PAN-OS < 9.0.17-h4

PAN-OS < 9.1.17

Refferences

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Md Sameull Islam of Beetles Cyber Security LTD, Kajetan Rostojek, and an external reporter for discovering and reporting this issue.
.