CVE-2019-1566
https://notcve.org/view.php?id=CVE-2019-1566
The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
• http://www.securityfocus.com/bid/106750
• https://security.paloaltonetworks.com/CVE-2019-1566
• https://www.purplemet.com/blog/palo-alto-firewall-multiple-xss-vulnerabilities
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1565
https://notcve.org/view.php?id=CVE-2019-1565
The PAN-OS external dynamic lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.
• http://www.securityfocus.com/bid/106752
• https://security.paloaltonetworks.com/CVE-2019-1565
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10143
https://notcve.org/view.php?id=CVE-2018-10143
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.
• http://www.securityfocus.com/bid/106174
• https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition
• https://security.paloaltonetworks.com/CVE-2018-10143
• CWE-269: Improper Privilege Management
CVE-2018-10142
https://notcve.org/view.php?id=CVE-2018-10142
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.
• http://www.securityfocus.com/bid/106069
• https://security.paloaltonetworks.com/CVE-2018-10142
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-10141
https://notcve.org/view.php?id=CVE-2018-10141
The GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.
• https://security.paloaltonetworks.com/CVE-2018-10141
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')