CVE-2024-12223

Stored Cross-site Scripting (XSS) in Nutanix Prism Central

Discovered by Andrew Suters on behalf of The Missing Link Security

Vulnerability Details

Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context.

Affected Versions

Before 2024.3.1

Fixed Versions

Fixed in: 2024.3.1

Acknowledgement of Country

The Missing Link acknowledges the Traditional Owners of the land where we work and live. We pay our respects to Elders past, present and emerging. We celebrate the stories, culture and traditions of Aboriginal and Torres Strait Islanders of all communities who also work and live on this land.