CVE-2021-3043
HIGHPrisma Cloud Compute 20.12-20.12.551 and 21.04-21.04.438 - Authenticated Reflected Cross-Site Scripting
Title source: llmDescription
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2021-3043
Scores
CVSS v3
7.5
EPSS
0.0022
EPSS Percentile
44.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (1)
paloaltonetworks/prisma_cloud
20.12 - 20.12.552
Published
Jul 15, 2021
Tracked Since
Feb 18, 2026