CVE-2023-0010
published 2023-06-14

Priority: P4 · 24 · medium
CVSS 3.1: 5.4 (AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N)
EPSS: 0.38% (29.4th percentile)

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.

Affected

30 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 3.15.0 < 4.14.324 | 4.14.324 |
| linux | linux_kernel | >= 4.14.0 < 4.14.316 | 4.14.316 |
| linux | linux_kernel | >= 4.15.0 < 4.19.284 | 4.19.284 |
| linux | linux_kernel | >= 4.15.0 < 4.19.293 | 4.19.293 |
| linux | linux_kernel | >= 4.20.0 < 5.4.244 | 5.4.244 |
| linux | linux_kernel | >= 4.20.0 < 5.4.255 | 5.4.255 |
| linux | linux_kernel | >= 5.11.0 < 5.15.113 | 5.15.113 |
| linux | linux_kernel | >= 5.11.0 < 5.15.123 | 5.15.123 |
| linux | linux_kernel | >= 5.16.0 < 6.1.30 | 6.1.30 |
| linux | linux_kernel | >= 5.16.0 < 6.1.42 | 6.1.42 |
| linux | linux_kernel | >= 5.5.0 < 5.10.181 | 5.10.181 |
| linux | linux_kernel | >= 5.5.0 < 5.10.192 | 5.10.192 |
| linux | linux_kernel | >= 6.2.0 < 6.3.4 | 6.3.4 |
| linux | linux_kernel | >= 6.2.0 < 6.4.7 | 6.4.7 |
| linux | linux_kernel | >= 6.2.0 < 6.2.11 | 6.2.11 |
| palo_alto_networks | pan-os | >= 10.0 < 10.0.11 | 10.0.11 |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.6 | 10.1.6 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.2 | 10.2.2 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.24 | 8.1.24 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.17 | 9.0.17 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.16 | 9.1.16 |
| paloalto | cloud_ngfw | | |
| paloalto | pan-os | | |
| paloalto | prisma_access | | |
| paloaltonetworks | pan-os | 10.0.0 – 10.0.11 | |

CVSS provenance

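| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| vendor_redhat | | 8.0 | HIGH | |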