Vulnerabilities > Paloaltonetworks > PAN OS > 9.1.15

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-6789 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface.
network
low complexity
paloaltonetworks CWE-79
4.8
4.8
2023-12-13 CVE-2023-6790 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
network
low complexity
paloaltonetworks CWE-79
6.1
6.1
2023-12-13 CVE-2023-6791 Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
network
low complexity
paloaltonetworks CWE-522
4.9
4.9
2023-12-13 CVE-2023-6793 Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
network
low complexity
paloaltonetworks CWE-269
2.7
2.7