Security Advisory

CVE-2022-0020

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-10 18:10:23

Last updated 2024-09-16 16:53:59

Assigner palo_alto

State PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.

← Browse all CVEs View on cve.org ↗