CVE-2024-5906 MEDIUM

CVE-2024-5906: Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

Vendor Palo Alto Networks

Product Prisma Cloud Compute

Weakness CWE-79 · XSS

Published June 12, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.

Key dates

02Disclosure timeline

June 12, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5906

Related vulnerabilities

04Related CVE

CVE-2025-31597 WordPress Ultimate Live Cricket WordPress Lite plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability CVE-2023-32291 WordPress MonsterInsights Pro Plugin <= 8.14.1 is vulnerable to Cross Site Scripting (XSS) CVE-2026-27427 WordPress Geo Mashup plugin <= 1.13.18 - Cross Site Scripting (XSS) vulnerability CVE-2025-31436 WordPress Blubrry PowerPress Podcasting plugin MultiSite add-on plugin <= 0.1.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-2072 Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Identifiers

CVE CVE-2024-5906

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions

Vendor Palo Alto Networks

Product Prisma Cloud Compute

Affected ≥ 32 and < 32.05 (O’Neal - Update 5)