CVE-2023-6791 – PAN-OS: Plaintext Disclosure of External System Integration Credentials
https://notcve.org/view.php?id=CVE-2023-6791
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. Vulnerabilidad de divulgación de credenciales en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado de solo lectura obtener las credenciales en texto plano de integraciones de sistemas externos almacenados, como LDAP, SCP, RADIUS, TACACS+ y SNMP desde la interfaz web. • https://security.paloaltonetworks.com/CVE-2023-6791 • CWE-522: Insufficiently Protected Credentials CWE CATEGORY •
CVE-2023-6789 – PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
https://notcve.org/view.php?id=CVE-2023-6789
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator. Vulnerabilidad de cross-site scripting (XSS) en el software PAN-OS de Palo Alto Networks permite a un administrador de lectura y escritura autenticado malicioso almacenar un payload de JavaScript mediante la interfaz web. Luego, cuando la ve un administrador autenticado correctamente, la payload de JavaScript se ejecuta y disfraza todas las acciones asociadas tal como las realiza ese administrador autenticado desprevenido. • https://security.paloaltonetworks.com/CVE-2023-6789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-6790 – PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface
https://notcve.org/view.php?id=CVE-2023-6790
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. Vulnerabilidad de cross-site scripting (XSS) basada en DOM en el software PAN-OS de Palo Alto Networks permite a un atacante remoto ejecutar una payload de JavaScript en el contexto del navegador de un administrador cuando ve un enlace específicamente manipulado a la interfaz web de PAN-OS. • https://security.paloaltonetworks.com/CVE-2023-6790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-38046 – PAN-OS: Read System Files and Resources During Configuration Commit
https://notcve.org/view.php?id=CVE-2023-38046
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. • https://security.paloaltonetworks.com/CVE-2023-38046 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-0010 – PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
https://notcve.org/view.php?id=CVE-2023-0010
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. • https://security.paloaltonetworks.com/CVE-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •