CVE-2022-0020

Summary

A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XSOAR6.5.0 allunaffected
Palo Alto NetworksCortex XSOAR6.1.0 allaffected
Palo Alto NetworksCortex XSOAR6.2.0 < 1958888affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References