Page 3 of 43 results (0.010 seconds)

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. La página de interfaz web de administración de PAN-OS en PAN-OS 6.1.20 y anteriores, PAN-OS 7.1.17 y anteriores, PAN-OS 8.0.10 y anteriores y PAN-OS 8.1.1 y anteriores podría permitir que un atacante inyecte código HTML o JavaScript arbitrario. • http://www.securityfocus.com/bid/104657 http://www.securitytracker.com/id/1041240 https://security.paloaltonetworks.com/CVE-2018-9337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. El navegador web de PAN-OS en PAN-OS 6.1.20 y anteriores, PAN-OS 7.1.16 y anteriores, PAN-OS 8.0.9 y anteriores y PAN-OS 8.1.1 y anteriores podría permitir que un atacante inyecte código HTML o JavaScript arbitrario. • http://www.securityfocus.com/bid/104658 http://www.securitytracker.com/id/1041241 https://security.paloaltonetworks.com/CVE-2018-9335 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. La página de interfaz web de administración de PAN-OS en PAN-OS 6.1.20 y anteriores, PAN-OS 7.1.16 y anteriores y PAN-OS 8.0.9 y anteriores podría permitir que un atacante elimine archivos en el sistema mediante parámetros de petición específicos. • http://www.securityfocus.com/bid/104676 http://www.securitytracker.com/id/1041242 https://security.paloaltonetworks.com/CVE-2018-9242 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. Múltiples vulnerabilidades Cross-Site Scripting (XSS) en la función Captive Portal en Palo Alto Networks PAN-OS en versiones anteriores a la 8.0.7 permiten que los atacantes remotos inyecten scripts web o HTML arbitrarios aprovechándose de una configuración no especificada. • http://www.securitytracker.com/id/1040148 https://security.paloaltonetworks.com/CVE-2017-16878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Palo Alto Networks PAN-OS en versiones anteriores a 6.1.19, 7.0.x anteriores a 7.0.19, 7.1.x anteriores a 7.1.14 y 8.0.x anteriores a 8.0.7, cuando la puerta de enlace o portal GlobalProtect está configurado, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores no especificados. • http://www.securityfocus.com/bid/102446 http://www.securitytracker.com/id/1040147 https://security.paloaltonetworks.com/CVE-2017-15941 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •