Known Vulnerabilities
CVE-2024-0010
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
MEDIUM
CVSS 4.3
Published Feb 14, 2024
CVE-2024-0008
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
MEDIUM
CVSS 6.6
Published Feb 14, 2024