CVE-2019-1565

EUVD-2019-10122
The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
paloaltonetworkspan-os
𝑥
≤ 7.1.21
paloaltonetworkspan-os
7.1.22 ≤
𝑥
≤ 8.0.14
paloaltonetworkspan-os
8.0.15 ≤
𝑥
≤ 8.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106752
https://security.paloaltonetworks.com/CVE-2019-1565
http://www.securityfocus.com/bid/106752
https://security.paloaltonetworks.com/CVE-2019-1565