Unrated severityNVD Advisory· Published Feb 10, 2022· Updated Sep 16, 2024

Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface

CVE-2022-0020

Description

A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.

Affected products

Paloaltonetworks/Cortex XSOARcpe-rescue
Range: 6.1.0 all

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/171782/Palo-Alto-Cortex-XSOAR-6.5.0-Cross-Site-Scripting.htmlmitre
security.paloaltonetworks.com/CVE-2022-0020mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000