Palo Alto Networks Security Advisories / CVE-2021-3043

CVE-2021-3043 Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console

Severity 7.5 · HIGH
Attack Vector NETWORK
Attack Complexity HIGH
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact HIGH
User Interaction REQUIRED
Availability Impact HIGH


A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface.

Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances.

This issue impacts:

Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552;

Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439.

Product Status

Prisma Cloud Compute 21.04< 21.04.439>= 21.04.439
Prisma Cloud Compute 20.12< 20.12.552>= 20.12.552

Severity: HIGH

CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-79 Cross-site Scripting (XSS)


This issue is fixed in Prisma Cloud Compute 20.12.552, Prisma Cloud Compute 21.04.439, and all later Prisma Cloud Compute versions.

Workarounds and Mitigations

There are no known workarounds for this issue.


This issue was found during an internal security review.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.