Palo Alto Networks Security Advisories / CVE-2024-0007

CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

Severity 6.3 · MEDIUM
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction PASSIVE
Product Confidentiality LOW
Product Integrity LOW
Product Availability LOW
Privileges Required HIGH
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH


A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.

Product Status

Cloud NGFW NoneAll
PAN-OS 11.1NoneAll on Panorama
PAN-OS 11.0NoneAll on Panorama
PAN-OS 10.2NoneAll on Panorama
PAN-OS 10.1< 10.1.6 on Panorama>= 10.1.6 on Panorama
PAN-OS 10.0< 10.0.11 on Panorama>= 10.0.11 on Panorama
PAN-OS 9.1< 9.1.16 on Panorama>= 9.1.16 on Panorama
PAN-OS 9.0< 9.0.17 on Panorama>= 9.0.17 on Panorama
PAN-OS 8.1< 8.1.24-h1 on Panorama, < 8.1.25 on Panorama>= 8.1.24-h1 on Panorama, >= 8.1.25 on Panorama
Prisma Access NoneAll

Severity: MEDIUM

CVSSv4.0 Base Score: 6.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


This issue is fixed on Panorama in PAN-OS 8.1.24-h1, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.

Workarounds and Mitigations

This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at

Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94996 (Applications and Threats content update 8810).


Palo Alto Networks thanks an external reporter for discovering and reporting this issue.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.