Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure
CVE-2024-9467
6.1 MEDIUM
Key Information
- Vendor: Palo Alto Networks
- Status: Expedition
- CVE Published: 9 October 2024
Badges
👾 Exploit Exists
Summary
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.
Affected Version(s)
Expedition < 1.2.96
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
- 👾 Exploit exists.
- Initial publication: Vulnerability published.
Collectors
NVD Database, Mitre Database
Credit
Enrique Castillo of Palo Alto Networks