CVE-2024-9467 — Cross-site Scripting in Palo Alto Networks Expedition

CWE-79 — Cross-site Scripting7 documents5 sources

Severity

7.0HIGHNVD

EPSS

1.4%

top 19.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Expedition Paloaltonetworks Expedition

Timeline

PublishedOct 9

Latest updateNov 1

Description

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDpaloaltonetworks/expedition1.2.0 — 1.2.96

▶CVEListV5palo_alto_networks/expedition1.2.0 — 1.2.96

🔴Vulnerability Details

CVEList

Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure↗2024-10-09

▶

GHSA

GHSA-h8v4-hc3c-vf8p: A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition↗2024-10-09

▶

🕵️Threat Intelligence

Wiz

Crying Out Cloud - November 2024 Newsletter | Wiz↗2024-11-01

▶

Wiz

3 Critical CVEs in Palo Alto Networks Expedition | Wiz Blog↗2024-10-10

▶

Wiz

3 Critical CVEs in Palo Alto Networks Expedition | Wiz Blog↗2024-10-10

▶

Bleepingcomputer

Palo Alto Networks warns of firewall hijack bugs with public exploit↗2024-10-09

▶