Arbitrary JavaScript and HTML Injection in PAN-OS External Dynamic Lists

Arbitrary JavaScript and HTML Injection in PAN-OS External Dynamic Lists

CVE-2019-1565 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.

Learn more about our Cis Benchmark Audit For Microsoft Dynamics 365 Power Platform.