CVE-2017-15941 — Cross-site Scripting in Paloaltonetworks Pan-os

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 30.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Paloaltonetworks Pan-os Paloalto Pan-os

Timeline

PublishedJan 10

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDpaloaltonetworks/pan-os7.0.0 — 7.0.19+3

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-6v9f-q736-mg2v: Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6↗2022-05-13

▶

CVEList

CVE-2017-15941: Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6↗2018-01-10

▶

📋Vendor Advisories

Palo Alto

Cross Site Scripting Vulnerability in PAN-OS GlobalProtect↗2018-01-02

▶