Description
A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Palo Alto Networks / pan-os8.0.* – 8.0.*
- Palo Alto Networks / pan-os7.1 – 7.1.26
- Palo Alto Networks / pan-os8.1 – 8.1.13
- Palo Alto Networks / pan-os9.0 – 9.0.6
- Palo Alto Networks / pan-os9.1.0 – 9.1*