CVE-2021-3043 — Cross-site Scripting in Palo Alto Networks Prisma Cloud Compute

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.8MEDIUMNVD

CNA7.5

EPSS

0.2%

top 55.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Prisma Cloud Compute Paloaltonetworks Prisma Cloud Paloalto Prisma Cloud Compute

Timeline

PublishedJul 15

Latest updateMay 27

Description

A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.1…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5palo_alto_networks/prisma_cloud_compute21.04 — 21.04.439+1

▶Palo Altopaloalto/prisma_cloud_compute

▶NVDpaloaltonetworks/prisma_cloud20.12 — 20.12.552+1

🔴Vulnerability Details

GHSA

GHSA-789j-5m28-p6v3: A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrar↗2022-05-24

▶

CVEList

Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console↗2021-07-15

▶

📋Vendor Advisories

Palo Alto

Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console↗2021-07-14

▶

💬Community

Bugzilla

CVE-2021-47555 kernel: net: vlan: fix underflow for the real_dev refcnt↗2024-05-27

▶