Back to search
CVE-2024-5906
Published: Jun 12, 2024
Modified: Aug 1, 2024
PUBLISHED
Description
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.
| Vendor | Product | Versions |
|---|---|---|
Palo Alto Networks | Prisma Cloud Compute | affected 32 - < 32.05 (O’Neal - Update 5) |
Weaknesses (CWE)
References
https://security.paloaltonetworks.com/CVE-2024-5906
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now