CVE-2024-5906
CVSS V2 None
CVSS V3 None
Description
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.
Overview
- CVE ID
- CVE-2024-5906
- Assigner
- palo_alto
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-12T16:22:38.881Z
- Last Modified Date
- 2024-06-12T18:17:47.920Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5906 | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-5906 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5906 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 03:13:11 | Added to TrackCVE |