Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-5906

June 12, 2024, 5:15 p.m.

Product(s) Impacted

Palo Alto Networks Prisma Cloud Compute

Description

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.

Weaknesses

Date

Published: June 12, 2024, 5:15 p.m.

Last Modified: June 12, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@paloaltonetworks.com

References

https://security.paloaltonetworks.com/ psirt@paloaltonetworks.com