CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
47.1%
A cross-site scripting vulnerability exists in the web-based device management API browser whereby data provided by the user is echoed back to the user without sanitization. (Ref #50908)
This issue affects the management interface of the device where the API browser is exposed.
This issue affects PAN-OS version 4.1.12 and earlier; 5.0.5 and earlier.
Work around:
This issue only affects the web-based device management API browser.