CVE-2023-6790 — Cross-site Scripting in Palo Alto Networks Pan-os

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

CNA8.8

EPSS

0.2%

top 58.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Cloud Ngfw +2 more

Timeline

PublishedDec 13

Description

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶NVDpaloaltonetworks/pan-os8.1.0 — 8.1.25+6

▶CVEListV5palo_alto_networks/pan-os8.1 — 8.1.25+6

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cloud_ngfw

▶Palo Altopaloalto/prisma_access

🔴Vulnerability Details

CVEList

PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface↗2023-12-13

▶

GHSA

GHSA-8r5w-j8rm-886w: A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload i↗2023-12-13

▶

📋Vendor Advisories

Palo Alto

PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface↗2023-12-13

▶