A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. (Ref # 64563). This vulnerability has been assigned CVE-2014-3764.
This issue affects PAN-OS version 6.0.5 and earlier; 5.1.9 and earlier; 5.0.14 and earlier.
|PAN-OS 6.0||<= 6.0.5||>= 6.0.6|
|PAN-OS 5.1||<= 5.1.9||>= 5.1.10|
|PAN-OS 5.0||<= 5.0.14||>= 5.0.15|
CVSSv3.1 Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
PAN-OS 6.0.6; PAN-OS 5.0.15; PAN-OS 5.1.10
This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.