CVE-2018-9337
Published 2018-07-03
Priority P4 · 25 · medium · 5.4 (CVSS 3.0)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.01% (58.8th percentile)
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 6.1.20 | — |
| paloaltonetworks | pan-os | <= 8.0.10 | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.17 | — |
| paloaltonetworks | pan-os | 8.1.0 – 8.1.1 | — |
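CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |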
Palo Alto
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
vendor_paloalto·2018-06-29·CVSS 5.4
CVE-2018-9337 [MEDIUM] CWE-79 Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting (XSS) vulnerability exists in a PAN-OS web interface administration page. (Ref. # PAN-93242; CVE-2018-9337)
Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting this issue.
This issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 6.1.21 and later, PAN-OS 7.1.18 and later, PAN-OS 8.0.11-h1 and later, and PAN-OS 8.1.2 and later
Workaround: This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN
GHSA
GHSA-x4mp-pf4r-rp4x: The PAN-OS web interface administration page in PAN-OS 6
ghsa_unreviewed·2022-05-13
CVE-2018-9337 [MEDIUM] CWE-79 GHSA-x4mp-pf4r-rp4x: The PAN-OS web interface administration page in PAN-OS 6
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-07-03