ghsa-h8v4-hc3c-vf8p
Vulnerability from github
Published
2024-10-09 18:31
Modified
2024-10-15 15:30
Details
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.
{ "affected": [], "aliases": [ "CVE-2024-9467" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-10-09T17:15:20Z", "severity": "HIGH" }, "details": "A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user\u0027s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.", "id": "GHSA-h8v4-hc3c-vf8p", "modified": "2024-10-15T15:30:45Z", "published": "2024-10-09T18:31:43Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9467" }, { "type": "WEB", "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red", "type": "CVSS_V4" } ] }
cve-2024-9467
Vulnerability from cvelistv5
Published
2024-10-09 17:04
Modified
2024-10-18 11:52
Summary
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.
References
URL | Tags |
---|---|
https://security.paloaltonetworks.com/PAN-SA-2024-0010 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Expedition | 1.2.0 < 1.2.96 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-9467", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-09T18:09:44.149342Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-09T18:10:00.314Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*", 
"cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*", 
"cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*", 
"cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Expedition", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "1.2.96", "status": "unaffected" } ], "lessThan": "1.2.96", "status": "affected", "version": "1.2.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Enrique Castillo of Palo Alto Networks" } ], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user\u0027s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft." } ], "value": "A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user\u0027s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues." } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues." 
} ], "impacts": [ { "capecId": "CAPEC-63", "descriptions": [ { "lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-18T11:52:07.963Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\u003cbr\u003e\u003cbr\u003eAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\u003cbr\u003e\u003cbr\u003eAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating." 
} ], "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\n\nAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\n\nAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating." } ], "source": { "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-10-09T16:00:00.000Z", "value": "Initial publication" } ], "title": "Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks." } ], "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2024-9467", "datePublished": "2024-10-09T17:04:56.867Z", "dateReserved": "2024-10-03T11:35:14.299Z", "dateUpdated": "2024-10-18T11:52:07.963Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.