CVE-2023-0010
published 2023-06-14CVE-2023-0010: A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be…
PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.38%
29.4th percentile
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 3.15.0 < 4.14.324 | 4.14.324 |
| linux | linux_kernel | >= 4.14.0 < 4.14.316 | 4.14.316 |
| linux | linux_kernel | >= 4.15.0 < 4.19.284 | 4.19.284 |
| linux | linux_kernel | >= 4.15.0 < 4.19.293 | 4.19.293 |
| linux | linux_kernel | >= 4.20.0 < 5.4.244 | 5.4.244 |
| linux | linux_kernel | >= 4.20.0 < 5.4.255 | 5.4.255 |
| linux | linux_kernel | >= 5.11.0 < 5.15.113 | 5.15.113 |
| linux | linux_kernel | >= 5.11.0 < 5.15.123 | 5.15.123 |
| linux | linux_kernel | >= 5.16.0 < 6.1.30 | 6.1.30 |
| linux | linux_kernel | >= 5.16.0 < 6.1.42 | 6.1.42 |
| linux | linux_kernel | >= 5.5.0 < 5.10.181 | 5.10.181 |
| linux | linux_kernel | >= 5.5.0 < 5.10.192 | 5.10.192 |
| linux | linux_kernel | >= 6.2.0 < 6.3.4 | 6.3.4 |
| linux | linux_kernel | >= 6.2.0 < 6.4.7 | 6.4.7 |
| linux | linux_kernel | >= 6.2.0 < 6.2.11 | 6.2.11 |
| palo_alto_networks | pan-os | >= 10.0 < 10.0.11 | 10.0.11 |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.6 | 10.1.6 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.2 | 10.2.2 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.24 | 8.1.24 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.17 | 9.0.17 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.16 | 9.1.16 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | 10.0.0 – 10.0.11 | — |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_redhat8.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: scsi: target: iscsit: Free cmds before session free
vendor_redhat·2025-12-30·CVSS 5.5
CVE-2023-54184 [LOW] CWE-825 kernel: scsi: target: iscsit: Free cmds before session free
kernel: scsi: target: iscsit: Free cmds before session free
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsit: Free cmds before session free
Commands from recovery entries are freed after session has been closed.
That leads to use-after-free at command free or NPE with such call trace:
Time2Retain timer expired for SID: 1, cleaning up iSCSI session.
BUG: kernel NULL pointer dereference, address: 0000000000000140
RIP: 0010:sbitmap_queue_clear+0x3a/0xa0
Call Trace:
target_release_cmd_kref+0xd1/0x1f0 [target_core_mod]
transport_generic_free_cmd+0xd1/0x180 [target_core_mod]
iscsit_free_cmd+0x53/0xd0 [iscsi_target_mod]
iscsit_free_connection_recovery_entries+0x29d/0x320 [iscsi_target_mod]
iscsit_close_session+0x13a/0x140 [iscsi_target_mod]
iscsit_check_po
Red Hat
kernel: bpf: Zeroing allocated object from slab in bpf memory allocator
vendor_redhat·2025-12-09·CVSS 5.5
CVE-2023-53790 [LOW] CWE-909 kernel: bpf: Zeroing allocated object from slab in bpf memory allocator
kernel: bpf: Zeroing allocated object from slab in bpf memory allocator
In the Linux kernel, the following vulnerability has been resolved:
bpf: Zeroing allocated object from slab in bpf memory allocator
Currently the freed element in bpf memory allocator may be immediately
reused, for htab map the reuse will reinitialize special fields in map
value (e.g., bpf_spin_lock), but lookup procedure may still access
these special fields, and it may lead to hard-lockup as shown below:
NMI backtrace for cpu 16
CPU: 16 PID: 2574 Comm: htab.bin Tainted: G L 6.1.0+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
RIP: 0010:queued_spin_lock_slowpath+0x283/0x2c0
......
Call Trace:
copy_map_value_locked+0xb7/0x170
bpf_map_copy_value+0x113/0x3c0
__sys_bpf+0x1c67/0x2780
__x64_sys_bpf+0x1c/0x20
d
Red Hat
kernel: hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
vendor_redhat·2025-12-09
CVE-2023-53862 kernel: hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
kernel: hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
In the Linux kernel, the following vulnerability has been resolved:
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
Syzbot found a kernel BUG in hfs_bnode_put():
kernel BUG at fs/hfs/bnode.c:466!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3634 Comm: kworker/u4:5 Not tainted 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:hfs_bnode_put+0x46f/0x480 fs/hfs/bnode.c:466
Code: 8a 80 ff e9 73 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a0 fe ff ff 48 89 df e8 db 8a 80 ff e9 93 fe ff ff e8 a1 68 2c ff 0b e8 9a 68 2c ff 0f 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56
RSP: 0018:ffffc
Red Hat
kernel: scsi: qla2xxx: Synchronize the IOCB count to be in order
vendor_redhat·2025-05-02·CVSS 5.5
CVE-2023-53056 [MEDIUM] kernel: scsi: qla2xxx: Synchronize the IOCB count to be in order
kernel: scsi: qla2xxx: Synchronize the IOCB count to be in order
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Synchronize the IOCB count to be in order
A system hang was observed with the following call trace:
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1
Hardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022
RIP: 0010:__wake_up_common+0x55/0x190
Code: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d
40 e8 48 8d 43 08 48 89 04 24 48 89 c6\
49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 8b 40 18 89 6c 24 14 31
ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d
RSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082
RAX: 0000000000000000 RBX:
Red Hat
kernel: serial: 8250_port: IRQ data NULL pointer dereference
vendor_redhat·2024-03-02·CVSS 5.5
CVE-2023-52567 [MEDIUM] CWE-476 kernel: serial: 8250_port: IRQ data NULL pointer dereference
kernel: serial: 8250_port: IRQ data NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_port: Check IRQ data before use
In case the leaf driver wants to use IRQ polling (irq = 0) and
IIR register shows that an interrupt happened in the 8250 hardware
the IRQ data can be NULL. In such a case we need to skip the wake
event as we came to this path from the timer interrupt and quite
likely system is already awake.
Without this fix we have got an Oops:
serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A
...
BUG: kernel NULL pointer dereference, address: 0000000000000010
RIP: 0010:serial8250_handle_irq+0x7c/0x240
Call Trace:
? serial8250_handle_irq+0x7c/0x240
? __pfx_serial8250_timeout+0x10/0x10
Package: kernel (Red Hat
Palo Alto
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
vendor_paloalto·2023-06-14·CVSS 5.4
CVE-2023-0010 [MEDIUM] CWE-79 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.11, PAN-OS 10.1.6, PAN-OS 10.2.2, and all later PAN-OS versions.
Workaround: Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 92065 (Applications and Threats content update 8722).
OSV
quota: fix warning in dqgrab()
osv·2025-12-30
CVE-2023-54177 quota: fix warning in dqgrab()
quota: fix warning in dqgrab()
In the Linux kernel, the following vulnerability has been resolved:
quota: fix warning in dqgrab()
There's issue as follows when do fault injection:
WARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0
Modules linked in:
CPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541
RIP: 0010:dquot_disable+0x13b7/0x18c0
RSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980
RDX: 0000000000000000 RSI: ffff88825e41b980 RDI: 0000000000000002
RBP: ffff888179f68000 R08: ffffffff82087ca7 R09: 0000000000000000
R10: 0000000000000001 R11: ffffed102f3ed026 R12: ffff888179f68130
R13: ffff888179f68110 R14: dffffc0000000000 R15: ffff888179f68118
FS:
OSV
iommufd: Check for uptr overflow
osv·2025-12-30
CVE-2023-54239 iommufd: Check for uptr overflow
iommufd: Check for uptr overflow
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Check for uptr overflow
syzkaller found that setting up a map with a user VA that wraps past zero
can trigger WARN_ONs, particularly from pin_user_pages weirdly returning 0
due to invalid arguments.
Prevent creating a pages with a uptr and size that would math overflow.
WARNING: CPU: 0 PID: 518 at drivers/iommu/iommufd/pages.c:793 pfn_reader_user_pin+0x2e6/0x390
Modules linked in:
CPU: 0 PID: 518 Comm: repro Not tainted 6.3.0-rc2-eeac8ede1755+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:pfn_reader_user_pin+0x2e6/0x390
Code: b1 11 e9 25 fe ff ff e8 28 e4 0f ff 31 ff 48 89 de e8 2e e6 0f ff 48 8
OSV
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
osv·2025-12-24
CVE-2023-54114 net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
In the Linux kernel, the following vulnerability has been resolved:
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
As the call trace shows, skb_panic was caused by wrong skb->mac_header
in nsh_gso_segment():
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 3 PID: 2737 Comm: syz Not tainted 6.3.0-next-20230505 #1
RIP: 0010:skb_panic+0xda/0xe0
call Trace:
skb_push+0x91/0xa0
nsh_gso_segment+0x4f3/0x570
skb_mac_gso_segment+0x19e/0x270
__skb_gso_segment+0x1e8/0x3c0
validate_xmit_skb+0x452/0x890
validate_xmit_skb_list+0x99/0xd0
sch_direct_xmit+0x294/0x7c0
__dev_queue_xmit+0x16f0/0x1d70
packet_xmit+0x185/0x210
packet_snd+0xc15/0x1170
packet_sendmsg+0x7b/0xa0
sock_sendmsg+0x14f/0x160
The root
GHSA
GHSA-p7xj-vgvg-jrrq: A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payloa
ghsa_unreviewed·2023-06-14
CVE-2023-0010 [MEDIUM] CWE-79 GHSA-p7xj-vgvg-jrrq: A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payloa
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.
No detection rules found.
No public exploits indexed.
2023-06-14
Published