CVE-2017-12416 — Cross-site Scripting in Paloaltonetworks Pan-os

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 30.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Paloaltonetworks Pan-os Paloalto Pan-os

Timeline

PublishedSep 7

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDpaloaltonetworks/pan-os6.1.17+28

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-8pc7-vxgw-xqv6: Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6↗2022-05-13

▶

CVEList

CVE-2017-12416: Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6↗2017-09-07

▶

📋Vendor Advisories

Palo Alto

Cross-Site Scripting in PAN-OS↗2017-08-30

▶