Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks
CVE-2024-0007
4.8MEDIUM
Key Information:
- Vendor
- Palo Alto Networks
- Vendor
- CVE Published:
- 14 February 2024
Badges
๐พ Exploit Exists
Summary
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.
Affected Version(s)
PAN-OS Panorama 8.1 < 8.1.24-h1
PAN-OS Panorama 8.1 < 8.1.25
PAN-OS Panorama 9.0 < 9.0.17
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Palo Alto Networks thanks an external reporter for discovering and reporting this issue.