CVE-2015-2223 – Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-2223

Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request. Múltiples vulnerabilidades de XSS en la interfaz de administración de consola basada en web en Palo Alto Networks Traps (anteriormente Cyvera Endpoint Protection) 3.1.2.1546 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) Arguments, (2) FileName o (3) URL en una petición SOAP. Palo Alto Traps Server (formerly Cyvera Endpoint Protection) version 3.1.2.1546 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/36580 http://packetstormsecurity.com/files/131182/Palo-Alto-Traps-Server-3.1.2.1546-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/535113/100/0/threaded http://www.securityfocus.com/bid/73704 https://security.paloaltonetworks.com/CVE-2015-2223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •