CVE-2015-2223: XSS
First published: Tue Apr 14 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palo Alto Networks Traps | =3.1.2.1546 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2223?
CVE-2015-2223 has a medium severity rating due to the potential for remote attackers to exploit XSS vulnerabilities.
How do I fix CVE-2015-2223?
To fix CVE-2015-2223, ensure you update to a version of Palo Alto Networks Traps that addresses these XSS vulnerabilities.
What types of vulnerabilities are associated with CVE-2015-2223?
CVE-2015-2223 is associated with multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface.
Can CVE-2015-2223 affect web applications?
Yes, CVE-2015-2223 can affect web applications by allowing remote attackers to inject arbitrary web scripts or HTML.
What parameters are exploited in CVE-2015-2223?
The parameters exploited in CVE-2015-2223 include Arguments, FileName, and URL.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- agent/source
- vendor/palo alto networks
- canonical/palo alto networks traps
- version/palo alto networks traps/3.1.2.1546