CVE-2014-3764
published 2015-01-06CVE-2014-3764: Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.36%
68.4th percentile
Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 5.0.14 | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9995-p9v8-cr26: Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5
ghsa_unreviewed·2022-05-13
CVE-2014-3764 [MEDIUM] CWE-79 GHSA-9995-p9v8-cr26: Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5
Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.
Palo Alto
Cross-site scripting vulnerability
vendor_paloalto·2014-12-22·CVSS 4.3
CVE-2014-3764 [MEDIUM] CWE-79 Cross-site scripting vulnerability
Cross-site scripting vulnerability
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. (Ref # 64563). This vulnerability has been assigned CVE-2014-3764.
This issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious javascript into the web UI interface.
This issue affects PAN-OS version 6.0.5 and earlier; 5.1.9 and earlier; 5.0.14 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 6.0.6; PAN-OS 5.0.15; PAN-OS 5.1.10
Workaround: This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictl
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-01-06
Published