Lucene search

[email protected]CVE-2015-2223

HistoryApr 14, 2015 - 2:59 p.m.

CVE-2015-2223

2015-04-1414:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2015

2223

xss

vulnerabilities

palo alto networks

traps

cyvera

endpoint protection

soap

web-based console

remote attackers

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request.

CPENameOperatorVersion
palo_alto_networks:trapspalo alto networks trapseq3.1.2.1546

CPE	Name	Operator	Version
palo_alto_networks:traps	palo alto networks traps	eq	3.1.2.1546

References

packetstormsecurity.com/files/131182/Palo-Alto-Traps-Server-3.1.2.1546-Cross-Site-Scripting.html

www.securityfocus.com/archive/1/535113/100/0/threaded

www.securityfocus.com/bid/73704

security.paloaltonetworks.com/CVE-2015-2223

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for CVE-2015-2223

securityvulns2 prion1 exploitpack1 zdt1 packetstorm1 paloalto1 exploitdb1