Page 3 of 101 results (0.049 seconds)

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. Vulnerabilidad de cross-site scripting (XSS) basada en DOM en el software PAN-OS de Palo Alto Networks permite a un atacante remoto ejecutar una payload de JavaScript en el contexto del navegador de un administrador cuando ve un enlace específicamente manipulado a la interfaz web de PAN-OS. • https://security.paloaltonetworks.com/CVE-2023-6790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. • https://security.paloaltonetworks.com/CVE-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. • https://security.paloaltonetworks.com/CVE-2023-0008 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. • https://security.paloaltonetworks.com/CVE-2023-0007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. • https://security.paloaltonetworks.com/CVE-2023-0005 • CWE-312: Cleartext Storage of Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •