Palo Alto Networks Security Advisories / PAN-SA-2016-0018

PAN-SA-2016-0018 WildFire Cross-Site Scripting Vulnerability


047910
Severity 6.3 · MEDIUM
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required NONE
Integrity Impact LOW
User Interaction REQUIRED
Availability Impact LOW
JSON CSAF
Published 2016-08-12
Updated 2016-08-12
Reference WTC-3355, PAN-SA-2016-0018

Description

A Palo Alto Networks firewall displaying a WildFire cloud integrated report is susceptible to a cross-site scripting condition (Ref # WTC-3355).

A sample analyzed by the WildFire cloud could trigger a cross-site scripting attack against a firewall administrator who is displaying a WildFire report. This vulnerability is restricted to the context in which the report is parsed by the cloud.

This issue affects Palo Alto Networks hosted WildFire cloud from January to August 9th 2016

Product Status

VersionsAffectedUnaffected
WildFire Cloud Nonecurrent

Severity: MEDIUM

CVSSv3.1 Base Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

Solution

Palo Alto Networks hosted WildFire cloud starting August 10th 2016. Users do not need to take action.

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks thanks Alexander Fischer, DCSO Deutsche Cyber-Sicherheitsorganisation for discovering and reporting the issue.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.