3 matches found
Informatica: [███] Cross-Site Scripting (XSS) via /ssl-vpn/getconfig.esp at GlobalProtect VPN Portal
A Cross-Site Scripting (XSS) vulnerability was discovered in the GlobalProtect VPN portal's getconfig.esp endpoint. The vulnerability existed because the application reflected user input from the user parameter in an XML response without proper sanitization. This allowed an attacker to inject SVG...
The Bug Report November 2021 Edition
The Bug Report — November 2021 Edition By Mark Bereza · November 30, 2021 Your Cybersecurity Comic Relief CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Why am I here? For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report ...
CVE-2021-3056
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions...