CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
PASSIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N/AU:N/U:Amber/R:A/V:D/RE:M
EPSS
Percentile
14.5%
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another userβs browser when accessed by that other user.
[
{
"defaultStatus": "unaffected",
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "32.05 (OβNeal - Update 5)",
"status": "unaffected"
}
],
"lessThan": "32.05 (OβNeal - Update 5)",
"status": "affected",
"version": "32",
"versionType": "custom"
}
]
}
]