Description

Palo Alto Networks next-generation firewall (NGFW) is one of the leading enterprise firewalls used by companies around the world to protect against various cyber-attacks. It runs on its own operating system PAN-OS.

A reflected cross-site scripting (XSS) vulnerability exists in GlobalProtect gateway and portal features of PAN-OS. A remote attacker able to convince a user with an active authenticated session on the firewall web interface to click on a crafted link could potentially execute arbitrary JavaScript code in the user's browser and hijack the user's session.

Remediation

Upgrade to the latest version of Palo Alto PAN-OS.

References

CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal

Related Vulnerabilities

WordPress Plugin The Holiday Calendar Cross-Site Scripting (1.11.2)

WordPress Plugin Post to CSV by BestWebSoft Cross-Site Scripting (1.3.0)

WordPress Plugin WhyDoWork AdSense Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.2)

WordPress Plugin WPCB Cross-Site Scripting (2.4.8)

Joomla! Core Cross-Site Scripting (1.6.0 - 3.6.0)

Severity

Medium

Classification

CVE-2025-0133 CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Amber

Tags

Xss - known Vulnerabilities