CVE-2023-6789 MEDIUM

CVE-2023-6789: PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

Vendor Palo Alto Networks

Product PAN-OS

Weakness CWE-79 · XSS

Published December 13, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.

Key dates

02Disclosure timeline

December 13, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6789 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2023-6789

CWE CWE-79

CVSS 4.3 / MEDIUM

Affected versions

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 8.1 and < 8.1.26

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 9.0 and < 9.0.17-h4

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 9.1 and < 9.1.17

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 10.0 and ≤ All

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 10.1 and < 10.1.11

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 10.2 and < 10.2.5

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 11.0 and < 11.0.2

CVE-2023-6789: PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

01Description

02Disclosure timeline

03References

04Related CVE