{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"ESM Console XSS vulnerability"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2015-2223","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-08T08:03:21.300Z","generator":{"date":"2026-04-08T08:03:21.300Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2015-2223","initial_release_date":"2016-02-23T08:00:00.000Z","revision_history":[{"number":"1","date":"2026-04-08T01:03:21.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2015-2223","product_status":{"fixed":["PANW-Traps-ESM-Console-4","PANW-Traps-ESM-Console-6"],"known_not_affected":["PANW-Traps-ESM-Console-3","PANW-Traps-ESM-Console-5"]},"notes":[{"category":"description","text":"A cross-site scripting vulnerability exists in the web-based console management. This vulnerability has been assigned CVE-2015-2223.\nThis issue affects the management interface of Traps, where an authenticated administrator may be tricked into injecting malicious JavaScript into the web UI interface.\nThis issue affects Traps ESM Console version 3.2.1 and earlier"}],"references":[{"category":"external","summary":"NVD - CVE-2015-2223","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2223"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2015-2223","url":"https://security.paloaltonetworks.com/CVE-2015-2223"}],"threats":[{"category":"impact","description":"A cross-site scripting vulnerability exists in the web-based console management. This vulnerability has been assigned CVE-2015-2223.\nThis issue affects the management interface of Traps, where an authenticated administrator may be tricked into injecting malicious JavaScript into the web UI interface.\nThis issue affects Traps ESM Console version 3.2.1 and earlier"}],"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.2,"baseSeverity":"MEDIUM"},"products":[]}]}]}