Palo Alto Networks Security Advisories / CVE-2022-0020

CVE-2022-0020 Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface

Severity 6.8 · MEDIUM
Attack Vector NETWORK
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required HIGH
Integrity Impact HIGH
User Interaction REQUIRED
Availability Impact HIGH


A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations.

This issue impacts:

All builds of Cortex XSOAR 6.1.0;

Cortex XSOAR 6.2.0 builds earlier than build 1958888.

Product Status

Cortex XSOAR 6.5.0Noneall
Cortex XSOAR 6.2.0< 1958888>= 1958888
Cortex XSOAR 6.1.0all

Severity: MEDIUM

CVSSv3.1 Base Score: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-79 Cross-site Scripting (XSS)


This issue is fixed in Cortex XSOAR 6.2.0 build 1958888 and all later Cortex XSOAR versions.

Workarounds and Mitigations

There are no known workarounds for this issue.


Palo Alto Networks thanks Ömür Uğur of Türk Telekom for discovering and reporting this issue.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.