Description

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

PUBLISHED Reserved 2024-10-03 | Published 2024-10-09 | Updated 2024-10-18 | Assigner palo_alto




HIGH: 7.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber)

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status: unaffected

1.2.0 (custom) before 1.2.96: affected

Timeline

2024-10-09: Initial publication

Credits

Enrique Castillo of Palo Alto Networks (finder)

References

security.paloaltonetworks.com/PAN-SA-2024-0010 (vendor-advisory)

cve.org (CVE-2024-9467)

nvd.nist.gov (CVE-2024-9467)
