PT-2018-6355 · Palo Alto Networks · Pan-Os
Shaun Wheelhouse
·
Published
2018-01-02
·
Updated
2020-02-17
·
CVE-2017-16878
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
PAN-OS versions prior to 8.0.7
Description:
A cross-site scripting (XSS) issue exists in the Captive Portal function, allowing remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. This could allow an attacker to inject arbitrary javascript or HTML when the Captive Portal page is viewed by clients, potentially leading to a cross-site scripting (XSS) attack. The issue affects configurations in a certain way.
Recommendations:
For versions prior to 8.0.7, update to version 8.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the Captive Portal function until the update is applied.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os