CVE-2012-4043

EUVD-2012-3987
Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
palo_altoglobal_protected_gateway
3.1
palo_altoglobal_protected_gateway
3.1.11
palo_altoglobal_protected_gateway
4.0
palo_altoglobal_protected_gateway
4.0.5
palo_altossl_vpn
3.1
palo_altossl_vpn
3.1.11
palo_altossl_vpn
4.0
palo_altossl_vpn
4.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.abhisek.me/2012/06/xss-on-palo-alto-networks-global.html
http://www.osvdb.org/83896
http://blog.abhisek.me/2012/06/xss-on-palo-alto-networks-global.html
http://www.osvdb.org/83896