CVSS 3.1 Score 4.3 of 10 (medium)


Published Feb 14, 2024
Updated: Feb 15, 2024


CVE-2024-0010 is a reflected cross-site scripting (XSS) vulnerability found in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software. This vulnerability allows for the execution of malicious JavaScript in the user's browser if they click on a malicious link, enabling phishing attacks that could result in credential theft. The affected products include tzCoLF, uhbyBY, tvd6nJ, and uhbyBa. To remediate this vulnerability, organizations should apply the necessary security patches or updates provided by Palo Alto Networks. This vulnerability poses a medium risk to organizations as it can lead to the compromise of sensitive information through phishing attacks.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0010 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options