PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

CVE-2023-0010

5.4MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 14 June 2023

Badges

👾 Exploit Exists

Summary

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.

Affected Version(s)

PAN-OS >= 11.0

PAN-OS < 10.2.2

PAN-OS < 10.1.6

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit exists.
Aug 2, 2024
Initial publication
Jun 14, 2023
Vulnerability published.
Jun 14, 2023
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database

Credit

Lockheed Martin Red Team