Palo Alto Networks Security Advisories / PAN-SA-2016-0014

PAN-SA-2016-0014 Cross-site scripting issue in policy


047910
Severity 4.6 · MEDIUM
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required LOW
Integrity Impact LOW
User Interaction REQUIRED
Availability Impact NONE
JSON CSAF
Published 2016-07-14
Updated 2016-07-14
Reference 93072, PAN-SA-2016-0014

Description

Palo Alto Networks firewalls running the PAN-OS web interface are subject to a cross-site scripting vulnerability (Ref. 93072).

Exploitation of this problem is available only to interactive users logged in to the management interface with read and write privileges.

This issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.0<= 7.0.7>= 7.0.8
PAN-OS 6.1<= 6.1.11>= 6.1.12
PAN-OS 6.0<= 6.0.13>= 6.0.14
PAN-OS 5.1<= 5.1.11>= 5.1.12
PAN-OS 5.0<= 5.0.18>= 5.0.19

Severity: MEDIUM

CVSSv3.1 Base Score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

Solution

PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.8 and later

Workarounds and Mitigations

This issue is available only to web interface authenticated users. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP addresses, and dedicating management of the device to the management interface only.

Acknowledgments

Palo Alto Networks thanks Travis Christianson for discovering and reporting the issue.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.