Vulnerability Description
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Pan-Os | <= 6.1.17 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100619Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039255Third Party AdvisoryVDB Entry
- https://security.paloaltonetworks.com/CVE-2017-12416
- http://www.securityfocus.com/bid/100619Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039255Third Party AdvisoryVDB Entry
- https://security.paloaltonetworks.com/CVE-2017-12416
FAQ
What is CVE-2017-12416?
CVE-2017-12416 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x be...
How severe is CVE-2017-12416?
CVE-2017-12416 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12416?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Pan-Os.