PT-2018-6355 · Palo Alto Networks · Pan-Os
Shaun Wheelhouse
·
Publicado
2018-01-02
·
Atualizado
2020-02-17
·
CVE-2017-16878
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
PAN-OS versions prior to 8.0.7
Description:
A cross-site scripting (XSS) issue exists in the Captive Portal function, allowing remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. This could allow an attacker to inject arbitrary javascript or HTML when the Captive Portal page is viewed by clients, potentially leading to a cross-site scripting (XSS) attack. The issue affects configurations in a certain way.
Recommendations:
For versions prior to 8.0.7, update to version 8.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the Captive Portal function until the update is applied.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Pan-Os