A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2023-6790 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Dec 2023, 18:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Paloaltonetworks
Paloaltonetworks pan-os |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
Summary |
|
|
References | () https://security.paloaltonetworks.com/CVE-2023-6790 - Vendor Advisory | |
CPE | cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* |
13 Dec 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-13 19:15
Updated : 2023-12-18 18:53
NVD link : CVE-2023-6790
Mitre link : CVE-2023-6790
CVE.ORG link : CVE-2023-6790
JSON object : View
Products Affected
paloaltonetworks
- pan-os
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')