CVE-2024-9467

moderate-risk

Published 2024-10-09

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

Do I need to act?

1.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Expedition

Affected Vendors

Paloaltonetworks

References (1)

Mitigation https://security.paloaltonetworks.com/PAN-SA-2024-0010

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 5/34 · Minimal

Exposure 5/34 · Minimal