CVE-2012-4043
Last modified
CVE-2012-4043 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action.. EPSS estimates a 1.40% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Palo Alto | Global Protected Gateway | 3.1 | — |
| Palo Alto | Global Protected Gateway | 3.1.11 | — |
| Palo Alto | Global Protected Gateway | 4.0 | — |
| Palo Alto | Global Protected Gateway | 4.0.5 | — |
| Palo Alto | Ssl Vpn | 3.1 | — |
| Palo Alto | Ssl Vpn | 3.1.11 | — |
| Palo Alto | Ssl Vpn | 4.0 | — |
| Palo Alto | Ssl Vpn | 4.0.5 | — |
| Palo Alto | Networks | global_protect_portal | 3.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-4043?
How severe is CVE-2012-4043?
How do I fix CVE-2012-4043?
Are you affected by CVE-2012-4043?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST