CVE-2024-5906 — Cross-site Scripting in Palo Alto Networks Prisma Cloud Compute

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.4%

top 40.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Prisma Cloud Compute Paloaltonetworks Prisma Cloud Paloalto Prisma Cloud Compute

Timeline

PublishedJun 12

Description

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5palo_alto_networks/prisma_cloud_compute32 — 32.05 (O’Neal - Update 5)

▶Palo Altopaloalto/prisma_cloud_compute

▶NVDpaloaltonetworks/prisma_cloud< 32.05.124

🔴Vulnerability Details

GHSA

GHSA-whj9-g8q3-623p: A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permiss↗2024-06-12

▶

CVEList

Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface↗2024-06-12

▶

📋Vendor Advisories

Palo Alto

Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface↗2024-06-12

▶