vulnerability
PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Sep 8, 2021 | Sep 10, 2021 | Sep 16, 2021 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Sep 8, 2021
Added
Sep 10, 2021
Modified
Sep 16, 2021
Description
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access.
Solutions
palo-alto-networks-pan-os-upgrade-10-0palo-alto-networks-pan-os-upgrade-8-1palo-alto-networks-pan-os-upgrade-9-0palo-alto-networks-pan-os-upgrade-9-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.