Page 4 of 23 results (0.008 seconds)

CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. Vulnerabilidad de divulgación de credenciales en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado de solo lectura obtener las credenciales en texto plano de integraciones de sistemas externos almacenados, como LDAP, SCP, RADIUS, TACACS+ y SNMP desde la interfaz web. • https://security.paloaltonetworks.com/CVE-2023-6791 • CWE-522: Insufficiently Protected Credentials CWE CATEGORY •

CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. Vulnerabilidad de cross-site scripting (XSS) en el software PAN-OS de Palo Alto Networks permite a un administrador de lectura y escritura autenticado malicioso almacenar un payload de JavaScript mediante la interfaz web. Luego, cuando la ve un administrador autenticado correctamente, la payload de JavaScript se ejecuta y disfraza todas las acciones asociadas tal como las realiza ese administrador autenticado desprevenido. • https://security.paloaltonetworks.com/CVE-2023-6789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. Vulnerabilidad de cross-site scripting (XSS) basada en DOM en el software PAN-OS de Palo Alto Networks permite a un atacante remoto ejecutar una payload de JavaScript en el contexto del navegador de un administrador cuando ve un enlace específicamente manipulado a la interfaz web de PAN-OS. • https://security.paloaltonetworks.com/CVE-2023-6790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. • https://security.paloaltonetworks.com/CVE-2023-38046 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. • https://security.paloaltonetworks.com/CVE-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •