CVE-2023-6789
published 2023-12-13

Priority: P4 (19)
Severity: medium, 4.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.41% (33.4th percentile)

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.

Affected

21 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| linux | linux_kernel | >= 0 < 5.4.251 | 5.4.251 |
| linux | linux_kernel | >= 5.11.0 < 6.1.42 | 6.1.42 |
| linux | linux_kernel | >= 5.16.0 < 6.4.7 | 6.4.7 |
| linux | linux_kernel | >= 5.5.0 < 5.10.188 | 5.10.188 |
| linux | linux_kernel | >= 5.6.0 < 5.15.123 | 5.15.123 |
| palo_alto_networks | pan-os | 10.0 – All | |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.11 | 10.1.11 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.5 | 10.2.5 |
| palo_alto_networks | pan-os | >= 11.0 < 11.0.2 | 11.0.2 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.26 | 8.1.26 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.17-h4 | 9.0.17-h4 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.17 | 9.1.17 |
| paloalto | cloud_ngfw | | |
| paloalto | pan-os | | |
| paloalto | prisma_access | | |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.11 | 10.1.11 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.5 | 10.2.5 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.2 | 11.0.2 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.26 | 8.1.26 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.17 | 9.0.17 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |