Arbitrary JavaScript and HTML Injection Vulnerability in PAN-OS GlobalProtect Gateway

Arbitrary JavaScript and HTML Injection Vulnerability in PAN-OS GlobalProtect Gateway

CVE-2018-10139 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.

Learn more about our Cis Benchmark Audit For Palo Alto Networks.