Cross-Site Scripting Vulnerability in Palo Alto Networks Traps Management Interface
CVE-2015-2223

Currently unrated

Key Information:

Vendor: Palo Alto Networks
Status: Traps
Vendor: CVE Published:; 14 April 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist within the web-based console management interface of Palo Alto Networks Traps, allowing remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities can be exploited via injection through the Arguments, FileName, or URL parameters in a SOAP request, potentially compromising the integrity and security of user interactions with the management interface.

References

http://www.securityfocus.com/archive/1/535113/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/131182/Palo-Alto-Tra...

x_refsource_MISC

http://www.securityfocus.com/bid/73704

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 14, 2015
Vulnerability Reserved
Mar 6, 2015