A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. (Ref# 73638)
This issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious JavaScript into the web UI.
This issue affects PAN-OS 6.1.2 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier.
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 6.1 | <= 6.1.2 | >= 6.1.3 |
| PAN-OS 6.0 | <= 6.0.8 | >= 6.0.9 |
| PAN-OS 5.0 | <= 5.0.15 | >= 5.0.16 |
CVSSv3.1 Base Score: 5.7 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N)
CWE-79 Cross-site Scripting (XSS)
This issue is fixed in PAN-OS 6.1.3, PAN-OS 6.0.9, and PAN-OS 5.0.16.
This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.
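
To triage a device inventory against the affected-version table above, the following added example (not part of the original advisory or any vendor tooling) classifies PAN-OS version strings by branch. It assumes versions look like `major.minor.maintenance` with an optional suffix such as `-h1`, and it conservatively treats a suffixed build of an affected maintenance release as affected; the hostnames and inventory are constructed.

```python
import re

# First unaffected maintenance release per branch, from the advisory's table.
FIRST_FIXED = {(6, 1): 3, (6, 0): 9, (5, 0): 16}

# Assumed version format: major.minor.maintenance plus an optional suffix
# (e.g. "6.0.8-h1"). The advisory itself does not define a string format.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z0-9.]+)?$")


def classify(version):
    """Return 'affected', 'unaffected', 'unlisted' or 'unparseable'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, maint = (int(g) for g in m.groups())
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        # Branch is not in the advisory's table: make no claim either way.
        return "unlisted"
    # Assumption: a suffix does not raise the maintenance number, so
    # "6.0.8-h1" is still below 6.0.9 and is reported as affected.
    return "affected" if maint < fixed else "unaffected"


def triage(inventory):
    """Group hostnames by classification; inventory maps host -> version."""
    result = {}
    for host, version in inventory.items():
        result.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "fw-edge-01": "6.1.2",
    "fw-edge-02": "6.1.3",
    "fw-dc-01": "6.0.8-h1",
    "fw-dc-02": "5.0.16",
    "fw-lab-01": "7.0.1",
    "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Devices reported as `unlisted` or `unparseable` need a manual check, since the advisory's table covers only the 6.1, 6.0 and 5.0 branches.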