CVE-2015-2223

Palo Alto Networks Traps - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request.

Exploits (1)

exploitdb WORKING POC

by Michael Hendrickx · rubywebappswindows

https://www.exploit-db.com/exploits/36580

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.com/files/131182/Palo-Alto-Traps-Server-3.1.2.1546-Cross-Site-Scripting.html

[Various Sources] https://security.paloaltonetworks.com/CVE-2015-2223

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/535113/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/73704

Scores

EPSS 0.0190

EPSS Percentile 83.3%

Details

CWE

CWE-79

Status published

Products (1)

palo_alto_networks/traps 3.1.2.1546

Published Apr 14, 2015

Tracked Since Feb 18, 2026