CVE-2022-0020
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations.
This issue impacts:
All builds of Cortex XSOAR 6.1.0;
Cortex XSOAR 6.2.0 builds earlier than build 1958888.
Source: CVE-2022-0020