CVE-2022-0020
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.
| Software | From | Fixed in |
|---|---|---|
| paloaltonetworks / cortex_xsoar | 6.2.0 | 6.2.0.x |
| paloaltonetworks / cortex_xsoar | 6.1.0-1016923 | 6.1.0-1016923.x |
| paloaltonetworks / cortex_xsoar | 6.1.0-1031903 | 6.1.0-1031903.x |
| paloaltonetworks / cortex_xsoar | 6.1.0-848144 | 6.1.0-848144.x |
| paloaltonetworks / cortex_xsoar | 6.1.0-1077664 | 6.1.0-1077664.x |
| paloaltonetworks / cortex_xsoar | 6.1.0 | 6.1.0.x |
| paloaltonetworks / cortex_xsoar | 6.2.0-1271082 | 6.2.0-1271082.x |
| paloaltonetworks / cortex_xsoar | 6.2.0-1321594 | 6.2.0-1321594.x |
| paloaltonetworks / cortex_xsoar | 6.2.0-1473927 | 6.2.0-1473927.x |
| paloaltonetworks / cortex_xsoar | 6.1.0-1209934 | 6.1.0-1209934.x |
| paloaltonetworks / cortex_xsoar | 6.1.0-1271079 | 6.1.0-1271079.x |
| paloaltonetworks / cortex_xsoar | 6.2.0-1578666 | 6.2.0-1578666.x |
| paloaltonetworks / cortex_xsoar | 6.2.0-1822745 | 6.2.0-1822745.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime