CVE-2022-0020

MEDIUM

Cortex XSOAR 6.1.0 and 6.2.0 before build 1958888 - Authenticated Stored Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-0020. PoCs published by omurugur.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Palo Alto Cortex XSOAR by sending a crafted HTTP POST request with a malicious payload in the 'name' and 'description' fields. The payload triggers a JavaScript prompt when rendered in the web interface.

Description

A stored cross-site scripting (XSS) vulnerability in the Palo Alto Networks Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent JavaScript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: all builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.

Exploits (1)

exploitdb WORKING POC
by omurugur · text · webapps · multiple
https://www.exploit-db.com/exploits/51343

Classification
Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Palo Alto Cortex XSOAR 6.5.0, 6.2.0, 6.1.0
Auth required
Prerequisites: Authenticated access to the Cortex XSOAR web interface · Ability to send HTTP POST requests to the target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.8
EPSS 0.0171
EPSS Percentile 74.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-79
Status published
Products (2)
paloaltonetworks/cortex_xsoar 6.1.0 (7 CPE variants)
paloaltonetworks/cortex_xsoar 6.2.0 (6 CPE variants)
Published Feb 10, 2022
Tracked Since Feb 18, 2026