Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-10141Cross-site Scripting in Palo Alto Networks

CWE-79Cross-site Scripting6 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
44.2%
top 2.44%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Paloaltonetworks Pan-osPalo Alto NetworksPaloalto Pan-os
Timeline
PublishedOct 12
Latest updateMay 13

Description

GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDpaloaltonetworks/pan-os8.1.08.1.4+2
CVEListV5palo_alto_networks/palo_alto_networksbefore PAN-OS 8.1.4
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-7hx2-795p-7rcr: GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 82022-05-13
CVEList
CVE-2018-10141: GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 82018-10-12

💥Exploits & PoCs

1
Nuclei
Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting

📋Vendor Advisories

1
Palo Alto
Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page2018-10-12

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter September 2025
CVE-2018-10141 — Cross-site Scripting in Palo | cvebase