CVE-2018-10141
Published 2018-10-12
CVE-2018-10141: GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.
Priority P342 · medium · 6.1 · CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 3.88% (88.9th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | palo_alto_networks | — | — |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | < 6.1.0 | 6.1.0 |
| paloaltonetworks | pan-os | 7.0.0 – 7.0.19 | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.4 | 8.1.4 |
CVSS provenance
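| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |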
GHSA
GHSA-7hx2-795p-7rcr: GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8
ghsa_unreviewed·2022-05-13
CVE-2018-10141 [MEDIUM] CWE-79 GHSA-7hx2-795p-7rcr: GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8
GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.
Palo Alto
Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page
vendor_paloalto·2018-10-12·CVSS 6.1
CVE-2018-10141 [MEDIUM] CWE-79 Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page
A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS GlobalProtect Portal Login page. (Ref. # PAN-99830; CVE-2018-10141)
Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
This issue affects PAN-OS 8.1.3 and earlier. PAN-OS 8.0, PAN-OS 7.1 and PAN-OS 6.1 are NOT affected.
Affected products: PAN-OS
Solution: PAN-OS 8.1.4 and later
Workaround: Customers not using GlobalProtect feature of PAN-OS are not impacted by this vulnerability.
No detection rules found.
Nuclei
Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2018-10141 [MEDIUM] Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting
Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting.
Template:
```yaml
id: CVE-2018-10141

info:
  name: Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting
  author: dhiyaneshDk
  severity: medium
  description: Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to sessi
```
Published: 2018-10-12