PAN-OS - Reflected Cross-Site Scripting

Short Info

Level

Medium

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

12 days 3 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link.The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN.

References:

https://security.paloaltonetworks.com/CVE-2025-0133
https://hackerone.com/reports/3096384

Get started to protecting your digital assets

Start trial See the plans

PAN-OS - Reflected Cross-Site Scripting

Short Info

-

Detail

Category