First published: Wed Jun 14 2023
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Palo Alto Networks PAN-OS | >=8.1.0, <=8.1.24 | |
Palo Alto Networks PAN-OS | >=9.0.0, <=9.0.17 | |
Palo Alto Networks PAN-OS | >=9.1.0, <=9.1.16 | |
Palo Alto Networks PAN-OS | >=10.0.0, <=10.0.11 | |
Palo Alto Networks PAN-OS | >=10.1.0, <=10.1.6 | |
Palo Alto Networks PAN-OS | >=10.2.0, <=10.2.2 | |
This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.11, PAN-OS 10.1.6, PAN-OS 10.2.2, and all later PAN-OS versions.
CVE-2023-0010 is a reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software.
CVE-2023-0010 allows a JavaScript payload to be executed in the context of an authenticated Captive Portal user's browser when they click on a specifically crafted link.
Palo Alto Networks PAN-OS software versions 8.1.0 to 8.1.24, 9.0.0 to 9.0.17, 9.1.0 to 9.1.16, 10.0.0 to 10.0.11, 10.1.0 to 10.1.6, and 10.2.0 to 10.2.2 are affected by CVE-2023-0010.
CVE-2023-0010 has a severity rating of 5.4 (medium).
You can find more information about CVE-2023-0010 on the Palo Alto Networks website: https://security.paloaltonetworks.com/CVE-2023-0010.