A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/PAN-SA-2024-0010 | Mitigation Vendor Advisory |
Configurations
History
15 Oct 2024, 15:09
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | () https://security.paloaltonetworks.com/PAN-SA-2024-0010 - Mitigation, Vendor Advisory | |
CPE | cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:* | |
First Time |
Paloaltonetworks
Paloaltonetworks expedition |
10 Oct 2024, 12:51
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-09 17:15
Updated : 2024-10-15 15:09
NVD link : CVE-2024-9467
Mitre link : CVE-2024-9467
CVE.ORG link : CVE-2024-9467
JSON object : View
Products Affected
paloaltonetworks
- expedition
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')