Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x up to and including 3.1.11 and 4.0.x up to and including 4.0.5 allows remote malicious users to inject arbitrary web script or HTML via the inputStr parameter in a Login action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
palo alto networks global_protect_portal |
||
palo alto global protected gateway 3.1.11 |
||
palo alto global protected gateway 3.1 |
||
palo alto global protected gateway 4.0 |
||
palo alto ssl vpn 4.0.5 |
||
palo alto global protected gateway 4.0.5 |
||
palo alto ssl vpn 3.1 |
||
palo alto ssl vpn 3.1.11 |
||
palo alto ssl vpn 4.0 |