SB2016071917 - Cross-site scripting in Palo Alto PAN-OS
Published: July 19, 2016 Updated: November 22, 2018
Security Bulletin ID
SB2016071917
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Cross-site scripting (CVE-ID: N/A)
The vulnerability allows a remote attacker to conduct cross-site scripting attacks.The vulnerability exists due to improper filtering HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code execution by the target user's browser. The code will originate from the Palo Alto PAN-OS interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Successful exploitation of this vulnerability may result in disclosure of authentication information.
Remediation
Install update from vendor's website.