CVE-2025-0133

This repository contains a Python-based exploit for CVE-2025-0133, targeting a reflected XSS vulnerability in GlobalProtect SSL VPN's `/ssl-vpn/getconfig.esp` endpoint. The exploit crafts a malicious URL with an XSS payload embedded in the `user` parameter, which triggers a JavaScript prompt when rendered.

This repository contains a Bash-based scanner tool for detecting CVE-2025-0133, a Reflected XSS vulnerability in Palo Alto GlobalProtect Gateway & Portal. It leverages nuclei and shodanx to automate the scanning process.

This repository contains a Python-based scanner for detecting CVE-2025-0133, a reflected XSS vulnerability in Palo Alto Networks GlobalProtect Portal (PAN-OS). The tool tests multiple parameters with context-specific payloads and logs results for analysis.

This repository contains a writeup describing CVE-2025-0133, a reflected XSS vulnerability in Palo Alto Networks PAN-OS GlobalProtect gateway and portal. The vulnerability allows arbitrary JavaScript execution in the context of an authenticated user's browser via a crafted link.

This repository contains a Python script to scan for CVE-2025-0133, a reflected XSS vulnerability in Palo Alto's `getconfig.esp` endpoint. The script sends a probe request to detect Palo Alto and then tests for XSS by injecting a payload into the `user` parameter.

This repository contains a Python-based scanner for CVE-2025-0133, which targets a reflected XSS vulnerability in Palo Alto GlobalProtect gateways/portals. The script checks multiple URLs for the presence of an XSS payload and logs vulnerable endpoints.