CVE-2024-9467 HIGH

CVE-2024-9467: Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure

Vendor Palo Alto Networks
Product Expedition
Weakness CWE-79 · XSS
Published October 9, 2024
Last update October 18, 2024

CVSS base score

7.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Active
Confidentiality High
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

What the vulnerability does

01 Description

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

Key dates

02 Disclosure timeline

October 9, 2024 CVE published
October 18, 2024 Record updated
