Overview
- Description
- A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access.
- Source
- psirt@paloaltonetworks.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97BB12BB-096E-4CCD-B5F4-55900801DF74",
"versionEndExcluding": "8.1.20",
"versionStartIncluding": "8.1.0"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9EE274A-3AF1-4204-B43D-1EA54C6442CC",
"versionEndExcluding": "9.0.14",
"versionStartIncluding": "9.0.0"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EED4206-00CC-449A-9681-612EC258CCEF",
"versionEndExcluding": "9.1.10",
"versionStartIncluding": "9.1.0"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EE7C159-8D6B-4EBC-8317-3C54E14B6EFC",
"versionEndExcluding": "10.0.2",
"versionStartIncluding": "10.0.0"
}
],
"operator": "OR"
}
]
}
]