cve-2025-0133


This script performs safe, authorized testing for the vulnerability CVE-2025-0133, a reflected Cross-Site Scripting (XSS) issue in the GlobalProtect portal and gateway login pages of Palo Alto Networks' PAN-OS software.

Author: dodiorne
Category: Cve-poc
GitHub Stars: 2
Project Added On: May 29, 2025
Contributors: 1

CVE-2025-0133 Reflected XSS Detection Tool

Author: Derek Odiorne
Date: 2025-05-23
Severity: Medium
Tested Against: Palo Alto Networks GlobalProtect Portal (PAN-OS)


📌 Summary

This script performs safe, authorized testing for the vulnerability CVE-2025-0133, a reflected Cross-Site Scripting (XSS) issue in the GlobalProtect portal and gateway login pages of Palo Alto Networks’ PAN-OS software.

The tool tests multiple common parameters with two context-specific payloads:
- HTML context (<script>alert()</script>)
- JavaScript string context (j\";-alert()...)

The results are colorized for clarity and saved in a timestamped log file.


🚨 Vulnerability Overview

  • CVE ID: CVE-2025-0133
  • Component: PAN-OS (GlobalProtect Portal / Gateway)
  • Vulnerability: Reflected XSS
  • Impact: JavaScript execution in the context of an authenticated user
  • Exploit Method: Maliciously crafted query parameter in a login URL
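
A defender-side counterpart to the exploit method listed above, added here as an example and not taken from the original tool: it scans web access log lines for query parameters carrying either of the two payload contexts named in the Summary. The log format, the `/portal/login.example` path and the parameter names are constructed placeholders, and the regexes are illustrative heuristics.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# HTML context: a <script> tag or an inline event-handler attribute.
HTML_CTX = re.compile(r"<\s*script\b|<[^>]+\bon\w+\s*=", re.I)
# JS string context: a quote closing the string, an operator/terminator, then a call.
JS_CTX = re.compile(r"""["']\s*[;+\-*/,)][;+\-*/,)\s]*[\w.$]+\s*\(""")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded); payloads are often double-encoded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return 'html', 'js-string' or None for one query parameter value."""
    value = fully_decode(value)
    if HTML_CTX.search(value):
        return "html"
    if JS_CTX.search(value):
        return "js-string"
    return None

def scan(log_lines):
    """Return (line_no, param, context) for each suspicious query parameter."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            ctx = classify(value)
            if ctx:
                hits.append((no, name, ctx))
    return hits

# Constructed sample lines; path and parameter names are placeholders.
SAMPLE = [
    '198.51.100.7 - - [29/May/2025:10:00:01 +0000] "GET /portal/login.example?user=alice HTTP/1.1" 200 512',
    '198.51.100.7 - - [29/May/2025:10:00:02 +0000] "GET /portal/login.example?msg=%3Cscript%3Ealert()%3C%2Fscript%3E HTTP/1.1" 200 640',
    '198.51.100.9 - - [29/May/2025:10:00:03 +0000] "GET /portal/login.example?ref=j%2522%253B-alert()%252F%252F HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit only shows that such a request was received; whether the value was reflected unescaped depends on the PAN-OS version serving the page.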

🧪 Usage

Prerequisites

  • Python 3.x
  • requests
  • colorama

Install dependencies (if needed):

```bash
pip install requests colorama
```

Tool Information

License

Open Source

Tags

security tool