paloaltonetworks pan-os 在web页面生成时对输入的转义处理不恰当（跨站脚本）

admin

0
文章

0
评论

2023-11-30 19:55:12 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

paloaltonetworks pan-os 在web页面生成时对输入的转义处理不恰当（跨站脚本）

CVE编号

CVE-2021-3052

利用情况

暂无

补丁情况

N/A

披露时间

2021-09-09

漏洞描述

A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://security.paloaltonetworks.com/CVE-2021-3052

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	fedora_32	chromium	*		Up to (excluding) 90.0.4430.212-1.fc32
	运行在以下环境
	系统	fedora_33	chromium	*		Up to (excluding) 91.0.4472.114-2.fc33
	运行在以下环境
	系统	fedora_34	chromium-headless	*		Up to (excluding) 5.15.8-2.fc34
	运行在以下环境
	系统	fedora_EPEL_7	chromium	*		Up to (excluding) 90.0.4430.212-1.el7
	运行在以下环境
	系统	fedora_EPEL_8	chromium	*		Up to (excluding) 91.0.4472.164-1.el8
	运行在以下环境
	系统	opensuse_Leap_15.2	opera	*		Up to (excluding) 90.0.4430.212-lp152.2.95.1
	运行在以下环境
	系统	opensuse_Leap_15.3	opera	*		Up to (excluding) 91.0.4472.77-bp153.2.3.1
	运行在以下环境
	系统	opensuse_Leap_15.4	opera	*		Up to (excluding) 85.0.4341.28-lp154.2.5.1
	运行在以下环境
	系统	paloaltonetworks	pan-os	*	From (including) 10.0.0	Up to (excluding) 10.0.2
	运行在以下环境
	系统	paloaltonetworks	pan-os	*	From (including) 8.1.0	Up to (excluding) 8.1.20
	运行在以下环境
	系统	paloaltonetworks	pan-os	*	From (including) 9.0.0	Up to (excluding) 9.0.14
	运行在以下环境
	系统	paloaltonetworks	pan-os	*	From (including) 9.1.0	Up to (excluding) 9.1.10
	运行在以下环境
	系统	ubuntu_18.04.5_lts	chromium-browser	*		Up to (excluding) 91.0.4472.77-0ubuntu0.18.04.1