Published: 31/08/2013 Updated: 17/02/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS prior to 4.1.13 and 5.0.x prior to 5.0.6 allows remote malicious users to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.

Vulnerable Product	Search on Vulmon	Subscribe to Product
paloaltonetworks pan-os 5.0.4
paloaltonetworks pan-os 4.0.0
paloaltonetworks pan-os 4.0.5
paloaltonetworks pan-os 4.0.7
paloaltonetworks pan-os 4.1.2
paloaltonetworks pan-os 4.1.4
paloaltonetworks pan-os 5.0.0
paloaltonetworks pan-os 5.0.0-h1
paloaltonetworks pan-os 5.0.2
paloaltonetworks pan-os 4.1.0
paloaltonetworks pan-os 4.1.1
paloaltonetworks pan-os 4.1.10
paloaltonetworks pan-os 4.1.11
paloaltonetworks pan-os 4.0.1
paloaltonetworks pan-os 4.0.2
paloaltonetworks pan-os 4.0.3
paloaltonetworks pan-os 4.0.4
paloaltonetworks pan-os 4.1.6
paloaltonetworks pan-os 4.1.7
paloaltonetworks pan-os 4.1.8
paloaltonetworks pan-os 4.1.8-h3
paloaltonetworks pan-os 5.0.3
paloaltonetworks pan-os 5.0.5
paloaltonetworks pan-os 4.0.6
paloaltonetworks pan-os 4.0.8
paloaltonetworks pan-os 4.1.12
paloaltonetworks pan-os 4.1.3
paloaltonetworks pan-os 4.1.5
paloaltonetworks pan-os 4.1.9

Demo app showing how the Rails CVE-2013-5664 vulnerability works.

Rails CVE-2012-5664 vulnerability demo This demonstration application shows how the Rails CVE-2013-5664 vulnerability works More information: blogphusionnl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

CWE-79 https://security.paloaltonetworks.com/CVE-2013-5664 https://nvd.nist.gov https://github.com/phusion/rails-cve-2012-5664-test

CVE-2013-5664

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect