CVE-2010-0475

Palo Alto Networks Firewall < 3.0.8 - Cross-Site Scripting via Role Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0475. PoCs published by Jeromie Jackson.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in Palo Alto Networks' interface. It includes proof-of-concept URLs demonstrating the vulnerability but does not contain executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Jeromie Jackson · textwebappshardware
https://www.exploit-db.com/exploits/12660

This is a writeup describing a stored XSS vulnerability in Palo Alto Networks' interface. It includes proof-of-concept URLs demonstrating the vulnerability but does not contain executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Palo Alto Networks interface (versions before 3.1.1 and 3.0.9)
Auth required
Prerequisites: Access to the Palo Alto Networks interface · Valid session or authentication credentials
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

EPSS 0.0382
EPSS Percentile 88.8%

Details

CWE
CWE-79
Status published
Products (1)
palo_alto_networks/firewall < 3.0.8
Published May 14, 2010
Tracked Since Feb 18, 2026