CVE-2018-9335
published 2018-07-03
CVE-2018-9335: The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an…
Priority P425 medium 5.4 CVSS 3.0
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.01% (58.8th percentile)
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 6.1.20 | — |
| paloaltonetworks | pan-os | <= 8.0.9 | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.16 | — |
| paloaltonetworks | pan-os | 8.1.0 – 8.1.1 | — |
CVSS provenance
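| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |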
GHSA
GHSA-9gpp-6x5g-58cf: The PAN-OS session browser in PAN-OS 6
ghsa_unreviewed·2022-05-13
CVE-2018-9335 [MEDIUM] CWE-79 GHSA-9gpp-6x5g-58cf: The PAN-OS session browser in PAN-OS 6
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
Palo Alto
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
vendor_paloalto·2018-06-29·CVSS 5.4
CVE-2018-9335 [MEDIUM] CWE-79 Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS session browser. (Ref. # PAN-93244; CVE-2018-9335)
Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting this issue.
This issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later, and PAN-OS 8.1.2 and later
Workaround: This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface o
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-07-03: Published