15 matches found
CVE-2026-0256 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...
CVE-2025-4615
The CVE-2025-4615 entry concerns Palo Alto Networks PAN-OS management web interface. An improper input neutralization vulnerability allows an authenticated administrator to bypass system restrictions and execute arbitrary commands. Affected PAN-OS versions are indicated in Nessus plugin reference...
Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.12 / 11.2.x < 11.2.8 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.12, or 11.2.x prior to 11.2.8. It is, therefore, affected by a vulnerability. An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated...
CVE-2025-0130
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this...
CVE-2025-0130
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this...
CVE-2025-0130
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this...
The vulnerability in the web interface of the PAN-OS operating system of the Palo Alto Networks Panorama network switch management system allows a attacker to carry out cross-site scripting attacks.
The vulnerability of the PAN-OS operating system’s web interface in the Palo Alto Networks Panorama network switch management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site attacks remote...
PT-2023-14675 · Xiongmaitech · Mbd6304T Firmware +1
exploit 1. CVE-2024-0012/CVE-2024-9474: Auth Bypass in PAN-OS Web Interface https://t.co/SgNOxX5gde 2. CVE-2025-23369: GitHub Entreprise Server SAML auth bypass https://t.co/iCGbLYz9rt 3. CVE-2022-45460: ROPing our way to RCE https://t.co/GzC2JZCb2N...
CVE-2021-3054
A time-of-check to time-of-use TOCTOU race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-...
CVE-2021-3045
An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;...
CVE-2020-2000
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than...
Input validation
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than...
CVE-2018-9337
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML...
Command Injection in PAN-OS
A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. Ref PAN-81892 / CVE-2017-15940 PAN-OS contains a vulnerability that may allow for post authentication command injection This issue affects PAN-OS 6.1.1...
Palo Alto Networks Pan-OS Management Interface Cross-Site Scripting Vulnerability
PAN-OS is a security-specific operating system designed to control Palo Alto Networks' next-generation firewalls, providing a rich set of firewall, management, and network features. A cross-site scripting vulnerability exists in the Palo Alto Networks Pan-OS WEB management interface, which allows...