Palo Alto Networks warns a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its PAN-OS software. The flaw allows malicious JavaScript to run in the browsers of authenticated Captive Portal users when they click specific links. Organizations using the Clientless VPN feature face a serious threat. While it has … Continue reading Palo Alto Networks Warns of XSS Flaw: PoC Released