Palo Alto Networks · Cortex XSOAR · CVE-2022-0020
**Name of the Vulnerable Software and Affected Versions**
Palo Alto Networks Cortex XSOAR version 6.1.0
Palo Alto Networks Cortex XSOAR version 6.2.0 builds earlier than 1958888
**Description**
A stored cross-site scripting (XSS) vulnerability in the Palo Alto Networks Cortex XSOAR web interface allows an authenticated network-based attacker to store a persistent JavaScript payload. This payload can perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter it during normal operations.
**Recommendations**
For Cortex XSOAR version 6.1.0, update to a version that includes the fix for this issue.
For Cortex XSOAR version 6.2.0 builds earlier than 1958888, update to build 1958888 or later.