CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

🗓️ 10 May 2023 16:30:47Reported by palo_altoType

PAN-OS XSS Vulnerability - Stored JavaScript Payload

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-0007	10 May 202320:19	–	circl
CNNVD	Palo Alto Networks PAN-OS 跨站脚本漏洞	10 May 202300:00	–	cnnvd
CNVD	Palo Alto Networks PAN-OS Cross-Site Scripting Vulnerability (CNVD-2023-41498)	21 May 202300:00	–	cnvd
CVE	CVE-2023-0007	10 May 202316:30	–	cve
EUVD	EUVD-2023-12112	3 Oct 202520:07	–	euvd
NVD	CVE-2023-0007	10 May 202317:15	–	nvd
OSV	CVE-2023-0007	10 May 202317:15	–	osv
Palo Alto Networks	PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface	10 May 202316:00	–	paloalto
Tenable Nessus	Palo Alto Networks PAN-OS 8.1.x < 8.1.25 / 9.0.x < 9.0.17 / 9.1.x < 9.1.16 / 10.0.x < 10.0.7 Vulnerability	10 May 202300:00	–	nessus
Prion	Cross site scripting	10 May 202317:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Panorama"
    ],
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "10.0.7",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.0.7",
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.1.16",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.1.16",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.0.17",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.17",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "8.1.25",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.25",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "10.1"
      },
      {
        "status": "unaffected",
        "version": "10.2"
      },
      {
        "status": "unaffected",
        "version": "11.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Prisma Access",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cloud NGFW",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  }
]

Source	Link
security	www.security.paloaltonetworks.com/CVE-2023-0007

10 May 2023 16:30Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.5

EPSS0.00427

CWE-80