VAR-201005-0055
Vulnerability from variot - Updated: 2023-12-18 13:30
Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter. Palo Alto Networks Firewall is a firewall device. A remote attacker can carry out a cross-site scripting attack by submitting a malicious parameter; once the injected script executes in the target user's browser, the attacker may obtain sensitive information or hijack the user's session. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. We will update this BID when more information is available.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201005-0055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "palo alto",
"version": "3.0.8"
},
{
"model": "firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "palo alto",
"version": "3.1.0"
},
{
"model": "firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "palo alto",
"version": "3.0.x"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "palo alto",
"version": "3.0.9"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "palo alto",
"version": "3.1.1"
},
{
"model": "firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "palo alto",
"version": "3.1.x"
},
{
"model": "alto networks firewall interface",
"scope": "lt",
"trust": 0.6,
"vendor": "palo",
"version": "3.1.1"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "palo alto",
"version": "3.0.8"
},
{
"model": "firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "palo alto",
"version": "3.1.0"
},
{
"model": "firewall interface",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "0"
},
{
"model": "firewall interface",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "3.1.1"
},
{
"model": "firewall interface",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "3.0.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0884"
},
{
"db": "BID",
"id": "40113"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004487"
},
{
"db": "NVD",
"id": "CVE-2010-0475"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:palo_alto_networks:firewall:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:palo_alto_networks:firewall:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0475"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeromie Jackson",
"sources": [
{
"db": "BID",
"id": "40113"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
],
"trust": 0.9
},
"cve": "CVE-2010-0475",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-0475",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-43080",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-0475",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201005-217",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-43080",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43080"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004487"
},
{
"db": "NVD",
"id": "CVE-2010-0475"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter. Palo Alto Networks Firewall is a firewall device. A remote attacker can carry out a cross-site scripting attack by submitting a malicious parameter; once the injected script executes in the target user\u0027s browser, the attacker may obtain sensitive information or hijack the user\u0027s session. \nAttacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. We will update this BID when more information is available.",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0475"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004487"
},
{
"db": "CNVD",
"id": "CNVD-2010-0884"
},
{
"db": "BID",
"id": "40113"
},
{
"db": "VULHUB",
"id": "VHN-43080"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-43080",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43080"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-0475",
"trust": 3.4
},
{
"db": "BID",
"id": "40113",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004487",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201005-217",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-0884",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100512 PALO ALTO NETWORK VULNERABILITY - CROSS-SITE SCRIPTING (XSS)",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-68656",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "12660",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89509",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-43080",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0884"
},
{
"db": "VULHUB",
"id": "VHN-43080"
},
{
"db": "BID",
"id": "40113"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004487"
},
{
"db": "NVD",
"id": "CVE-2010-0475"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
]
},
"id": "VAR-201005-0055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0884"
},
{
"db": "VULHUB",
"id": "VHN-43080"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0884"
}
]
},
"last_update_date": "2023-12-18T13:30:11.375000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.paloaltonetworks.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004487"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43080"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004487"
},
{
"db": "NVD",
"id": "CVE-2010-0475"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html"
},
{
"trust": 1.6,
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026id=83:palo-alto-cross-site-scripting-vulnerability\u0026tmpl=component\u0026print=1\u0026layout=default\u0026page="
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/40113"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624"
},
{
"trust": 0.9,
"url": "http://www.jeromiejackson.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0475"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0475"
},
{
"trust": 0.3,
"url": "http://www.paloaltonetworks.com/"
},
{
"trust": 0.3,
"url": "/archive/1/511251"
},
{
"trust": 0.1,
"url": "http://www.jeromiejackson.com/index.php?view=article\u0026amp;id=83:palo-alto-cross-site-scripting-vulnerability\u0026amp;tmpl=component\u0026amp;print=1\u0026amp;layout=default\u0026amp;page="
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0884"
},
{
"db": "VULHUB",
"id": "VHN-43080"
},
{
"db": "BID",
"id": "40113"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004487"
},
{
"db": "NVD",
"id": "CVE-2010-0475"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-0884"
},
{
"db": "VULHUB",
"id": "VHN-43080"
},
{
"db": "BID",
"id": "40113"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004487"
},
{
"db": "NVD",
"id": "CVE-2010-0475"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0884"
},
{
"date": "2010-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-43080"
},
{
"date": "2010-05-12T00:00:00",
"db": "BID",
"id": "40113"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004487"
},
{
"date": "2010-05-14T19:30:01.250000",
"db": "NVD",
"id": "CVE-2010-0475"
},
{
"date": "2010-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0884"
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-43080"
},
{
"date": "2010-05-12T00:00:00",
"db": "BID",
"id": "40113"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004487"
},
{
"date": "2017-08-17T01:32:01.023000",
"db": "NVD",
"id": "CVE-2010-0475"
},
{
"date": "2010-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Palo Alto Networks Firewall Interface \u0027editUser.esp\u0027 HTML Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "40113"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201005-217"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.