PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
CVE-2023-6789
4.3MEDIUM
Key Information
- Vendor
- Palo Alto Networks
- Status
- PAN-OS
- Prisma Access
- Cloud NGFW
- Vendor
- CVE Published:
- 13 December 2023
Summary
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.
Affected Version(s)
PAN-OS < 8.1.26
PAN-OS < 9.0.17-h4
PAN-OS < 9.1.17
Refferences
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability Reserved
Vulnerability published
Collectors
NVD DatabaseMitre Database
Credit
Palo Alto Networks thanks Md Sameull Islam of Beetles Cyber Security LTD, Kajetan Rostojek, and an external reporter for discovering and reporting this issue.