Unrated severityNVD Advisory· Published Oct 9, 2024· Updated Oct 18, 2024

Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure

CVE-2024-9467

Description

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

Affected products

Paloaltonetworks/Expeditioncpe-rescue2 versions
cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*range: 1.2.0
- (no CPE)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.paloaltonetworks.com/PAN-SA-2024-0010mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000