{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T12:37:42.830","vulnerabilities":[{"cve":{"id":"CVE-2024-0010","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2024-02-14T18:15:47.703","lastModified":"2024-12-09T15:08:43.783","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft."},{"lang":"es","value":"Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la función del portal GlobalProtect del software PAN-OS de Palo Alto Networks permite la ejecución de JavaScript malicioso (en el contexto del navegador de un usuario) si un usuario hace clic en un enlace malicioso, lo que permite ataques de phishing que podría provocar el robo de credenciales."}],"metrics":{"cvssMetricV31":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.11","matchCriteriaId":"77695C8C-9732-4605-A160-A5159BD8B49C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:-:*:*:*:*:*:*","matchCriteriaId":"F6242E26-AF44-4A19-ADD3-CBB798A862D1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"9.1.0","versionEndExcluding":"9.1.17","matchCriteriaId":"9F9FFBA6-7008-422B-9CF1-E37CA62081EB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.17","matchCriteriaId":"89A55C5F-8E01-42C4-BE93-D683900C07BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-:*:*:*:*:*:*","matchCriteriaId":"CDAE9753-EF8D-4B15-A73C-0EF56FE6C78C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1:*:*:*:*:*:*","matchCriteriaId":"2A142EE1-E516-4582-9A7E-6E4C74FB3991"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h2:*:*:*:*:*:*","matchCriteriaId":"5921D6F7-4C59-4DF1-B5DD-5CCA660B2EAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h3:*:*:*:*:*:*","matchCriteriaId":"ACF6B9D6-0C48-48FD-8B5A-D0612B660212"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-0010","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]},{"url":"https://security.paloaltonetworks.com/CVE-2024-0010","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}