CVE-2019-1566Cross-site Scripting in Paloaltonetworks Pan-os

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
1.1%
top 21.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Paloaltonetworks Pan-osPalo Alto Networks Pan-osPaloalto Pan-os
Timeline
PublishedJan 30
Latest updateMay 13

Description

The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDpaloaltonetworks/pan-os7.1.07.1.22+2
Palo Altopaloalto/pan-os
CVEListV5palo_alto_networks/palo_alto_networks_pan-osPAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.

🔴Vulnerability Details

2
GHSA
GHSA-cmgf-vp4c-gh93: The PAN-OS management web interface in PAN-OS 72022-05-13
CVEList
CVE-2019-1566: The PAN-OS management web interface in PAN-OS 72019-01-30

📋Vendor Advisories

1
Palo Alto
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface2019-01-23
CVE-2019-1566 — Cross-site Scripting | cvebase