CVE-2024-5906
Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
Description
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:HPrivileges RequiredUI:RUser InteractionS:CScopeC:LConfidentialityI:LIntegrityA:NAvailabilityWeaknesses
Affected Products
Exploitability
Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.
View exploit detailsAttack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2024-5906 and every CVE in our database. Create a free account — no credit card required.
Create Free Account