Search criteria
3 vulnerabilities found for firewall by palo_alto_networks
FKIE_CVE-2010-0475
Vulnerability from fkie_nvd - Published: 2010-05-14 19:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palo_alto_networks | firewall | * | |
| palo_alto_networks | firewall | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:palo_alto_networks:firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0008A00C-4129-4540-A2FF-A6E7B0ED5582",
"versionEndIncluding": "3.0.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:palo_alto_networks:firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4894E765-A56C-4947-9470-12EDD8D2C8C7",
"versionEndIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en esp/editUser.esp en el firewall Palo Alto Networks 3.0.x en versiones anteriores a la 3.0.9 y 3.1.x en versiones anteriores a la 3.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"role\"."
}
],
"id": "CVE-2010-0475",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-14T19:30:01.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page="
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/40113"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/40113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-0475 (GCVE-0-2010-0475)
Vulnerability from cvelistv5 – Published: 2010-05-14 19:24 – Updated: 2024-08-07 00:52
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:18.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page="
},
{
"name": "paloalto-edituser-xss(58624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624"
},
{
"name": "20100512 Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page="
},
{
"name": "paloalto-edituser-xss(58624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624"
},
{
"name": "20100512 Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40113"
},
{
"name": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page=",
"refsource": "MISC",
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page="
},
{
"name": "paloalto-edituser-xss(58624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624"
},
{
"name": "20100512 Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0475",
"datePublished": "2010-05-14T19:24:00",
"dateReserved": "2010-02-02T00:00:00",
"dateUpdated": "2024-08-07T00:52:18.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0475 (GCVE-0-2010-0475)
Vulnerability from nvd – Published: 2010-05-14 19:24 – Updated: 2024-08-07 00:52
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:18.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page="
},
{
"name": "paloalto-edituser-xss(58624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624"
},
{
"name": "20100512 Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page="
},
{
"name": "paloalto-edituser-xss(58624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624"
},
{
"name": "20100512 Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40113"
},
{
"name": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page=",
"refsource": "MISC",
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page="
},
{
"name": "paloalto-edituser-xss(58624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624"
},
{
"name": "20100512 Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0475",
"datePublished": "2010-05-14T19:24:00",
"dateReserved": "2010-02-02T00:00:00",
"dateUpdated": "2024-08-07T00:52:18.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}