Cross site scripting

2012-07-2619:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

JSON

Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action.

CPENameOperatorVersion
global_protected_gatewayeq4.0
global_protected_gatewayeq4.0.5
global_protected_gatewayeq3.1.11
global_protected_gatewayeq3.1
networkseqglobalprotectportal 3.1
networkseqglobalprotectportal 4.0
networkseqglobalprotectportal 4.0.5
networkseqglobalprotectportal 3.1.11
ssl_vpneq3.1
ssl_vpneq4.0

Name	Operator	Version
global_protected_gateway	eq	4.0
global_protected_gateway	eq	4.0.5
global_protected_gateway	eq	3.1.11
global_protected_gateway	eq	3.1
networks	eq	globalprotectportal 3.1
networks	eq	globalprotectportal 4.0
networks	eq	globalprotectportal 4.0.5
networks	eq	globalprotectportal 3.1.11
ssl_vpn	eq	3.1
ssl_vpn	eq	4.0