CVE-2022-0020 Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface
This issue impacts:
All builds of Cortex XSOAR 6.1.0;
Cortex XSOAR 6.2.0 builds earlier than build 1958888.
|Cortex XSOAR 6.5.0||None||all|
|Cortex XSOAR 6.2.0||< 1958888||>= 1958888|
|Cortex XSOAR 6.1.0||all|
CVSSv3.1 Base Score: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
This issue is fixed in Cortex XSOAR 6.2.0 build 1958888 and all later Cortex XSOAR versions.
Workarounds and Mitigations
There are no known workarounds for this issue.