Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-09	CVE-2024-9471	Unspecified vulnerability in Paloaltonetworks Pan-Os A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. network low complexity paloaltonetworks	4.7
2024-09-11	CVE-2024-8688	Unspecified vulnerability in Paloaltonetworks Pan-Os An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall. local low complexity paloaltonetworks	4.4
2024-08-14	CVE-2024-5916	Cleartext Storage of Sensitive Information vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. local low complexity paloaltonetworks CWE-312	4.4
2024-02-14	CVE-2024-0007	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. network low complexity paloaltonetworks CWE-79	4.8
2024-02-14	CVE-2024-0009	Origin Validation Error vulnerability in Paloaltonetworks Pan-Os An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. network low complexity paloaltonetworks CWE-346	6.3
2024-02-14	CVE-2024-0010	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. network low complexity paloaltonetworks CWE-79	6.1
2024-02-14	CVE-2024-0011	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. network low complexity paloaltonetworks CWE-79	6.1
2023-12-13	CVE-2023-6789	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. network low complexity paloaltonetworks CWE-79	4.8
2023-12-13	CVE-2023-6790	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface. network low complexity paloaltonetworks CWE-79	6.1
2023-12-13	CVE-2023-6791	Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. network low complexity paloaltonetworks CWE-522	4.9