PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
CVE-2023-0010

5.4MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Pan-os; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 14 June 2023

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2023-0010?

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PAN-OS Firewall 10.2 < 10.2.2

PAN-OS Firewall 10.1 < 10.1.6

PAN-OS Firewall 10.0 < 10.0.11

References

https://security.paloaltonetworks.com/CVE-2023-0010

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 2, 2024
Vulnerability published
Jun 14, 2023
Vulnerability Reserved
Oct 27, 2022

Credit

Lockheed Martin Red Team

JSON

Palo Alto Networks