https://live.paloaltonetworks.com/t5/general-topics/jquery-vulnerability-on-management-interface-of-pa-3220/m-p/1236363#M124991 <P>Hello,</P> <P>Run the scans again but slow them down. See if you get the same results. Sometimes fast unauthenticated scans give false positives.</P> <P>&nbsp;</P> <P>Regards,</P> Wed, 20 Aug 2025 16:44:15 GMT OtakarKlier 2025-08-20T16:44:15Z https://live.paloaltonetworks.com/t5/general-topics/jquery-vulnerability-on-management-interface-of-pa-3220/m-p/1236234#M124984 <P><SPAN>Hello all</SPAN>,</P> <P>&nbsp;</P> <P>Our customer is currently using PA-3220 running PAN-OS 11.1.<BR />During their recent vulnerability scan, the following CVEs were reported that jQuery used on the Web management interface;</P> <P>&nbsp;</P> <P>CVE-2018-8046<BR />CVE-2007-6758</P> <P>&nbsp;</P> <P>Questions:<BR />1. Do these vulnerabilities actually affect? Or false positive from their vulnerability scanner?<BR />2. What is the purpose of using jQuery in the Web management interface?</P> <P>&nbsp;</P> <P>Thank you for your support.</P> <P>Shinichi</P> Tue, 19 Aug 2025 12:42:56 GMT https://live.paloaltonetworks.com/t5/general-topics/jquery-vulnerability-on-management-interface-of-pa-3220/m-p/1236234#M124984 kawai818 2025-08-19T12:42:56Z https://live.paloaltonetworks.com/t5/general-topics/jquery-vulnerability-on-management-interface-of-pa-3220/m-p/1236363#M124991 <P>Hello,</P> <P>Run the scans again but slow them down. See if you get the same results. Sometimes fast unauthenticated scans give false positives.</P> <P>&nbsp;</P> <P>Regards,</P> Wed, 20 Aug 2025 16:44:15 GMT https://live.paloaltonetworks.com/t5/general-topics/jquery-vulnerability-on-management-interface-of-pa-3220/m-p/1236363#M124991 OtakarKlier 2025-08-20T16:44:15Z https://live.paloaltonetworks.com/t5/general-topics/jquery-vulnerability-on-management-interface-of-pa-3220/m-p/1236628#M125025 <P>Hi OtakarKlier,</P> <P>Thank you for your reply.<BR />Unfortunately, they said it would be difficult to run a vulnerability scan again.<BR />Since those CVEs are not currently listed in the "Palo Alto Networks Security Advisories" information, I have concluded that they are not affected.</P> <P>Thank you.<BR />Shinichi</P> Mon, 25 Aug 2025 11:20:20 GMT https://live.paloaltonetworks.com/t5/general-topics/jquery-vulnerability-on-management-interface-of-pa-3220/m-p/1236628#M125025 kawai818 2025-08-25T11:20:20Z