Palo Alto Networks Security Advisories / CVE-2023-0010

CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

Severity 5.4 · MEDIUM
Attack Vector NETWORK
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required LOW
Integrity Impact LOW
User Interaction NONE
Availability Impact NONE


A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.

Product Status

Cloud NGFW NoneAll
PAN-OS 11.0NoneAll
PAN-OS 10.2< 10.2.2>= 10.2.2
PAN-OS 10.1< 10.1.6>= 10.1.6
PAN-OS 10.0< 10.0.11>= 10.0.11
PAN-OS 9.1< 9.1.16>= 9.1.16
PAN-OS 9.0< 9.0.17>= 9.0.17
PAN-OS 8.1< 8.1.24>= 8.1.24
Prisma Access NoneAll

Required Configuration for Exposure

This issue is applicable only to firewalls that are configured to use Captive Portal authentication.

On PAN-OS 10.0 and later software versions, this issue applies only to firewalls that have also disabled the default token generation for Captive Portal authentication. You can verify that the token is not disabled by running the following command: ‘show deviceconfig setting captive-portal’.

Severity: MEDIUM

CVSSv3.1 Base Score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.11, PAN-OS 10.1.6, PAN-OS 10.2.2, and all later PAN-OS versions.

Workarounds and Mitigations

Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 92065 (Applications and Threats content update 8722).


Palo Alto Networks thanks the Lockheed Martin Red Team for discovering and reporting this issue.


Updated threat prevention signature coverage
Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.