A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.
2022-02-10T18:15:08.747
2024-11-21T06:37:50.003
Modified
CVSSv3.1: 6.8 (MEDIUM)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | paloaltonetworks | cortex_xsoar | 6.1.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.1.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.1.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.1.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.1.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.1.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.1.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.2.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.2.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.2.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.2.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.2.0 | Yes |
| Application | paloaltonetworks | cortex_xsoar | 6.2.0 | Yes |