Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4791 | 1 Prestashop | 1 Prestashop | 2020-02-18 | 3.5 LOW | 5.4 MEDIUM |
| PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | |||||
| CVE-2013-5664 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908. | |||||
| CVE-2017-16878 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. | |||||
| CVE-2017-12416 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation. | |||||
| CVE-2016-2219 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3764 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. | |||||
| CVE-2017-15941 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-1567 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | |||||
| CVE-2018-9335 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-9337 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1565 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1568 | 1 Paloaltonetworks | 1 Demisto | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | |||||
| CVE-2018-10139 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. | |||||
| CVE-2018-10141 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2017-9459 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-5584 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-7636 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | |||||
| CVE-2017-9467 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-10993 | 1 Scoreme Project | 1 Scoreme | 2020-02-17 | 3.5 LOW | 5.4 MEDIUM |
| The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter. | |||||
| CVE-2016-10994 | 1 Truemag Theme Project | 1 Truemag Theme | 2020-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. | |||||