Vulnerability Description
A stored cross-site scripting (XSS) vulnerability in the Palo Alto Networks Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent JavaScript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: all builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Cortex Xsoar | 6.1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171782/Palo-Alto-Cortex-XSOAR-6.5.0-Cross-S
- https://security.paloaltonetworks.com/CVE-2022-0020 (Vendor Advisory)
FAQ
What is CVE-2022-0020?
CVE-2022-0020 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A stored cross-site scripting (XSS) vulnerability in the Palo Alto Networks Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent JavaScript payload that will per...
How severe is CVE-2022-0020?
CVE-2022-0020 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-0020?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Cortex Xsoar.