Description
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Palo Alto Networks / Cloud NGFWAll – All
- Palo Alto Networks / pan-os9.0 – 9.0.17
- Palo Alto Networks / pan-os9.1 – 9.1.16
- Palo Alto Networks / pan-os10.0 – 10.0.12
- Palo Alto Networks / pan-os10.1 – 10.1.9
- Palo Alto Networks / pan-os8.1 – 8.1.25
- Palo Alto Networks / pan-os11.0 – 11.0.1
- Palo Alto Networks / pan-os11.1 – All
- Palo Alto Networks / pan-os10.2 – 10.2.4
- Palo Alto Networks / Prisma AccessAll – All