Palo_altoCVELIST:CVE-2024-5906CVE-2024-5906 Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
4.8 Medium
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
PASSIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N/AU:N/U:Amber/R:A/V:D/RE:M
0.0004 Low
EPSS
Percentile
9.0%
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another userโs browser when accessed by that other user.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "32.05 (OโNeal - Update 5)",
"status": "unaffected"
}
],
"lessThan": "32.05 (OโNeal - Update 5)",
"status": "affected",
"version": "32",
"versionType": "custom"
}
]
}
]
4.8 Medium
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
PASSIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N/AU:N/U:Amber/R:A/V:D/RE:M
0.0004 Low
EPSS
Percentile
9.0%