2 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. Palo Alto Networks Traps ESM Console en versiones anteriores a 3.4.4 permite a los atacantes provocar una denegación de servicio aprovechando la validación incorrecta de las solicitudes para revocar una licencia de agente Traps. • http://www.securityfocus.com/bid/97533 https://security.paloaltonetworks.com/CVE-2017-7408 https://www.paloaltonetworks.com/documentation/34/endpoint/traps-release-notes/traps-3-4-4-addressed-issues.html • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request. Múltiples vulnerabilidades de XSS en la interfaz de administración de consola basada en web en Palo Alto Networks Traps (anteriormente Cyvera Endpoint Protection) 3.1.2.1546 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) Arguments, (2) FileName o (3) URL en una petición SOAP. Palo Alto Traps Server (formerly Cyvera Endpoint Protection) version 3.1.2.1546 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/36580 http://packetstormsecurity.com/files/131182/Palo-Alto-Traps-Server-3.1.2.1546-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/535113/100/0/threaded http://www.securityfocus.com/bid/73704 https://security.paloaltonetworks.com/CVE-2015-2223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •