CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16878
https://notcve.org/view.php?id=CVE-2017-16878
Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. Múltiples vulnerabilidades Cross-Site Scripting (XSS) en la función Captive Portal en Palo Alto Networks PAN-OS en versiones anteriores a la 8.0.7 permiten que los atacantes remotos inyecten scripts web o HTML arbitrarios aprovechándose de una configuración no especificada. • http://www.securitytracker.com/id/1040148 https://security.paloaltonetworks.com/CVE-2017-16878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-15941
https://notcve.org/view.php?id=CVE-2017-15941
Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Palo Alto Networks PAN-OS en versiones anteriores a 6.1.19, 7.0.x anteriores a 7.0.19, 7.1.x anteriores a 7.1.14 y 8.0.x anteriores a 8.0.7, cuando la puerta de enlace o portal GlobalProtect está configurado, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores no especificados. • http://www.securityfocus.com/bid/102446 http://www.securitytracker.com/id/1040147 https://security.paloaltonetworks.com/CVE-2017-15941 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •