Palo Alto Networks Security Advisories
CVE-2018-10141 Cross-Site Scripting (XSS) in GlobalProtect Portal Login Page
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Reference: PAN-99830, PAN-SA-2018-0014
A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS GlobalProtect Portal Login page. (Ref. # PAN-99830; CVE-2018-10141)
This issue affects PAN-OS 8.1.3 and earlier. PAN-OS 8.0, PAN-OS 7.1 and PAN-OS 6.1 are NOT affected.
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 8.1 | <= 8.1.3 | >= 8.1.4 |
CVSSv3.1 Base Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Solution
PAN-OS 8.1.4 and later
Workarounds and Mitigations
Customers not using the GlobalProtect feature of PAN-OS are not impacted by this vulnerability.
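The following added example (not part of the advisory and not Palo Alto Networks code) classifies a firewall inventory against the version ranges and the GlobalProtect condition stated above. The inventory entries, status labels and the handling of hotfix builds such as `8.1.3-h1` are assumptions made for illustration.

```python
import re

# Ranges from the advisory: PAN-OS 8.1 <= 8.1.3 affected, >= 8.1.4 fixed;
# PAN-OS 8.0, 7.1 and 6.1 are stated as not affected.
FIRST_FIXED_8_1 = (8, 1, 4)
NOT_AFFECTED_TRAINS = {(8, 0), (7, 1), (6, 1)}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?")


def parse_version(text):
    """Return (major, minor, maintenance) for '8.1.3' or '8.1.3-h2'."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(sw_version, globalprotect_enabled):
    """Classify one device against CVE-2018-10141 (status labels are hypothetical)."""
    try:
        version = parse_version(sw_version)
    except ValueError:
        return "unknown-version"      # review by hand rather than guess
    train = version[:2]
    if train in NOT_AFFECTED_TRAINS:
        return "not-affected"
    if train != (8, 1):
        return "not-listed"           # the advisory says nothing about this train
    if version >= FIRST_FIXED_8_1:
        return "fixed"
    # Assumption: a hotfix of an affected release (8.1.3-h1) is still affected.
    if not globalprotect_enabled:
        return "affected-version-gp-unused"   # not impacted today, still upgrade
    return "vulnerable"


# Constructed inventory: (hostname, software version, GlobalProtect in use)
INVENTORY = [
    ("fw-edge-01", "8.1.3", True),
    ("fw-edge-02", "8.1.3-h1", True),
    ("fw-core-01", "8.1.2", False),
    ("fw-lab-01", "8.1.4", True),
    ("fw-old-01", "8.0.12", True),
]

if __name__ == "__main__":
    for host, ver, gp in INVENTORY:
        print(f"{host:12} {ver:10} {assess(ver, gp)}")
```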
Palo Alto Networks would like to thank Vladimir Egorov, Team of cyberhouse.ge, okradze, and Mina Mohsen Edwar with Verizon for reporting this issue.