CVE-2019-1565 Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists
A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS External Dynamic Lists. (Ref. # PAN-106776; CVE-2019-1565)
Successful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.
This issue affects PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.
Versions | Affected | Unaffected |
---|---|---|
PAN-OS 8.1 | <= 8.1.5 | >= 8.1.6 |
PAN-OS 8.0 | <= 8.0.14 | >= 8.0.15 |
PAN-OS 7.1 | <= 7.1.21 | >= 7.1.22 |
CVSSv3.1 Base Score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PAN-OS 7.1.22 and later, PAN-OS 8.0.15 and later, and PAN-OS 8.1.6 and later.
N/A