CVE-2018-9335Cross-site Scripting in Paloaltonetworks Pan-os

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.4%
top 42.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedJul 3
Latest updateMay 13

Description

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDpaloaltonetworks/pan-os7.1.07.1.16+3
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-9gpp-6x5g-58cf: The PAN-OS session browser in PAN-OS 62022-05-13
CVEList
CVE-2018-9335: The PAN-OS session browser in PAN-OS 62018-07-03

📋Vendor Advisories

1
Palo Alto
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface2018-06-29
CVE-2018-9335 — Cross-site Scripting | cvebase