PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface

CVE-2023-6790

8.8HIGH

Key Information

Vendor: Palo Alto Networks
Status: PAN-OS; Prisma Access; Cloud NGFW
Vendor: CVE Published:; 13 December 2023

Summary

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.

Affected Version(s)

PAN-OS < 8.1.25

PAN-OS < 9.0.17

PAN-OS < 9.1.16

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability Reserved.
Dec 13, 2023
Vulnerability published.
Dec 13, 2023

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Kajetan Rostojek for discovering and reporting this issue.