CVE-2017-12416
MEDIUMPalo Alto Networks PAN-OS <6.1.18, <7.0.17, <7.1.12, <8.0.3 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039255
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100619
Various Sources x_refsource_confirm
https://security.paloaltonetworks.com/CVE-2017-12416
Scores
CVSS v3
6.1
EPSS
0.0059
EPSS Percentile
69.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (29)
paloaltonetworks/pan-os
7.0.0
paloaltonetworks/pan-os
7.0.1
paloaltonetworks/pan-os
7.0.2
paloaltonetworks/pan-os
7.0.3
paloaltonetworks/pan-os
7.0.4
paloaltonetworks/pan-os
7.0.5
paloaltonetworks/pan-os
7.0.6
paloaltonetworks/pan-os
7.0.7
paloaltonetworks/pan-os
7.0.8
paloaltonetworks/pan-os
7.0.9
... and 19 more
Published
Sep 07, 2017
Tracked Since
Feb 18, 2026