PT-2014-5487 · Palo Alto Networks · Pan-Os
Avi Gimpel
+1
·
Published
2014-12-22
·
Updated
2020-02-17
·
CVE-2014-3764
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks PAN-OS versions prior to 5.0.15
Palo Alto Networks PAN-OS versions 5.1.x prior to 5.1.10
Palo Alto Networks PAN-OS versions 6.0.x prior to 6.0.6
Description
A cross-site scripting issue exists in the web-based device management interface, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. This occurs because data provided by the user is echoed back without sanitization, potentially tricking an authenticated administrator into injecting malicious JavaScript into the web UI interface.
Recommendations
For versions prior to 5.0.15, update to version 5.0.15 or later.
For versions 5.1.x prior to 5.1.10, update to version 5.1.10 or later.
For versions 6.0.x prior to 6.0.6, update to version 6.0.6 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os