CVE-2021-3043

A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*
cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*

History

27 Jul 2021, 15:12

Type Values Removed Values Added
CWE CWE-79
CPE cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8
References (MISC) https://security.paloaltonetworks.com/CVE-2021-3043 - (MISC) https://security.paloaltonetworks.com/CVE-2021-3043 - Vendor Advisory

15 Jul 2021, 17:21

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-15 17:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-3043

Mitre link : CVE-2021-3043

CVE.ORG link : CVE-2021-3043


JSON object : View

Products Affected

paloaltonetworks

  • prisma_cloud
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')