Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-01	CVE-2019-1577	Code Injection vulnerability in Paloaltonetworks Traps 5.0/5.0.5 Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. network low complexity paloaltonetworks CWE-94	6.3
2019-05-09	CVE-2019-1568	Cross-site Scripting vulnerability in Paloaltonetworks Demisto 4.5 Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. network low complexity paloaltonetworks CWE-79	6.1
2019-04-12	CVE-2019-1574	Cross-site Scripting vulnerability in Paloaltonetworks Expedition Migration Tool Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. network low complexity paloaltonetworks CWE-79	5.4
2019-04-09	CVE-2019-1567	Cross-site Scripting vulnerability in Paloaltonetworks Expedition Migration Tool The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. network low complexity paloaltonetworks CWE-79	5.4
2019-03-26	CVE-2019-1571	Cross-site Scripting vulnerability in Paloaltonetworks Expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. network low complexity paloaltonetworks CWE-79	4.8
2019-03-26	CVE-2019-1570	Cross-site Scripting vulnerability in Paloaltonetworks Expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. network low complexity paloaltonetworks CWE-79	4.8
2019-03-26	CVE-2019-1569	Cross-site Scripting vulnerability in Paloaltonetworks Expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. network low complexity paloaltonetworks CWE-79	4.8
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-01-30	CVE-2019-1566	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. network low complexity paloaltonetworks CWE-79	6.1
2019-01-30	CVE-2019-1565	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. network low complexity paloaltonetworks CWE-79	5.4