ID

VAR-201005-0055


CVE

CVE-2010-0475


TITLE

Palo Alto Networks Firewall Interface 'editUser.esp' HTML Injection Vulnerability

Trust: 0.9

sources: BID: 40113 // CNNVD: CNNVD-201005-217

DESCRIPTION

Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter. Palo Alto Networks Firewall is a firewall device. A remote attacker can mount a cross-site scripting attack by submitting a malicious parameter. Once the script executes in the target user's browser, the attacker can obtain sensitive information or hijack the session. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. We will update this BID when more information is available.

Trust: 2.52

sources: NVD: CVE-2010-0475 // JVNDB: JVNDB-2010-004487 // CNVD: CNVD-2010-0884 // BID: 40113 // VULHUB: VHN-43080

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0884

AFFECTED PRODUCTS

vendor: palo alto, model: firewall, scope: lte, version: 3.0.8

Trust: 1.0

vendor: palo alto, model: firewall, scope: lte, version: 3.1.0

Trust: 1.0

vendor: palo alto, model: firewall, scope: lt, version: 3.0.x

Trust: 0.8

vendor: palo alto, model: firewall, scope: eq, version: 3.0.9

Trust: 0.8

vendor: palo alto, model: firewall, scope: eq, version: 3.1.1

Trust: 0.8

vendor: palo alto, model: firewall, scope: lt, version: 3.1.x

Trust: 0.8

vendor: palo, model: alto networks firewall interface, scope: lt, version: 3.1.1

Trust: 0.6

vendor: palo alto, model: firewall, scope: eq, version: 3.0.8

Trust: 0.6

vendor: palo alto, model: firewall, scope: eq, version: 3.1.0

Trust: 0.6

vendor: paloaltonetworks, model: firewall interface, scope: eq, version: 0

Trust: 0.3

vendor: paloaltonetworks, model: firewall interface, scope: ne, version: 3.1.1

Trust: 0.3

vendor: paloaltonetworks, model: firewall interface, scope: ne, version: 3.0.9

sources: CNVD: CNVD-2010-0884 // BID: 40113 // JVNDB: JVNDB-2010-004487 // CNNVD: CNNVD-201005-217 // NVD: CVE-2010-0475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0475
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0475
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201005-217
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43080
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0475
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43080
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43080 // JVNDB: JVNDB-2010-004487 // CNNVD: CNNVD-201005-217 // NVD: CVE-2010-0475

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-43080 // JVNDB: JVNDB-2010-004487 // NVD: CVE-2010-0475

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201005-217

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201005-217

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004487

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43080

PATCH

title: Top Page, url: http://www.paloaltonetworks.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-004487

EXTERNAL IDS

db: NVD, id: CVE-2010-0475

Trust: 3.4

db: BID, id: 40113

Trust: 1.4

db: JVNDB, id: JVNDB-2010-004487

Trust: 0.8

db: CNNVD, id: CNNVD-201005-217

Trust: 0.7

db: CNVD, id: CNVD-2010-0884

Trust: 0.6

db: BUGTRAQ, id: 20100512 PALO ALTO NETWORK VULNERABILITY - CROSS-SITE SCRIPTING (XSS)

Trust: 0.6

db: SEEBUG, id: SSVID-68656

Trust: 0.1

db: EXPLOIT-DB, id: 12660

Trust: 0.1

db: PACKETSTORM, id: 89509

Trust: 0.1

db: VULHUB, id: VHN-43080

Trust: 0.1

sources: CNVD: CNVD-2010-0884 // VULHUB: VHN-43080 // BID: 40113 // JVNDB: JVNDB-2010-004487 // CNNVD: CNNVD-201005-217 // NVD: CVE-2010-0475

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html

Trust: 1.7

url:http://www.jeromiejackson.com/index.php?view=article&id=83:palo-alto-cross-site-scripting-vulnerability&tmpl=component&print=1&layout=default&page=

Trust: 1.6

url:http://www.securityfocus.com/bid/40113

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/58624

Trust: 1.1

url:http://www.jeromiejackson.com/

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0475

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0475

Trust: 0.8

url:http://www.paloaltonetworks.com/

Trust: 0.3

url:/archive/1/511251

Trust: 0.3

url:http://www.jeromiejackson.com/index.php?view=article&id=83:palo-alto-cross-site-scripting-vulnerability&tmpl=component&print=1&layout=default&page=

Trust: 0.1

sources: CNVD: CNVD-2010-0884 // VULHUB: VHN-43080 // BID: 40113 // JVNDB: JVNDB-2010-004487 // CNNVD: CNNVD-201005-217 // NVD: CVE-2010-0475

CREDITS

Jeromie Jackson

Trust: 0.9

sources: BID: 40113 // CNNVD: CNNVD-201005-217

SOURCES

db: CNVD, id: CNVD-2010-0884
db: VULHUB, id: VHN-43080
db: BID, id: 40113
db: JVNDB, id: JVNDB-2010-004487
db: CNNVD, id: CNNVD-201005-217
db: NVD, id: CVE-2010-0475

LAST UPDATE DATE

2025-04-11T23:04:26.380000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-0884, date: 2010-05-18T00:00:00
db: VULHUB, id: VHN-43080, date: 2017-08-17T00:00:00
db: BID, id: 40113, date: 2010-05-12T00:00:00
db: JVNDB, id: JVNDB-2010-004487, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-201005-217, date: 2010-05-14T00:00:00
db: NVD, id: CVE-2010-0475, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-0884, date: 2010-05-18T00:00:00
db: VULHUB, id: VHN-43080, date: 2010-05-14T00:00:00
db: BID, id: 40113, date: 2010-05-12T00:00:00
db: JVNDB, id: JVNDB-2010-004487, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-201005-217, date: 2010-05-14T00:00:00
db: NVD, id: CVE-2010-0475, date: 2010-05-14T19:30:01.250