CVE-2020-2005

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect Clientless VPN versions prior to 7.1.26 Palo Alto Networks GlobalProtect Clientless VPN versions prior to 8.0.21 Palo Alto Networks GlobalProtect Clientless VPN versions prior to 8.1.13 Palo Alto Networks GlobalProtect Clientless VPN versions prior to 9.0.7

Description A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session.

Recommendations For versions prior to 7.1.26, update to version 7.1.26 or later. For versions prior to 8.0.21, update to version 8.0.21 or later. For versions prior to 8.1.13, update to version 8.1.13 or later. For versions prior to 9.0.7, update to version 9.0.7 or later.