Avi Gimpel

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS versions prior to 5.0.15 Palo Alto Networks PAN-OS versions 5.1.x prior to 5.1.10 Palo Alto Networks PAN-OS versions 6.0.x prior to 6.0.6 **Description** A cross-site scripting issue exists in the web-based device management interface, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. This occurs because data provided by the user is echoed back without sanitization, potentially tricking an authenticated administrator into injecting malicious JavaScript into the web UI interface. **Recommendations** For versions prior to 5.0.15, update to version 5.0.15 or later. For versions 5.1.x prior to 5.1.10, update to version 5.1.10 or later. For versions 6.0.x prior to 6.0.6, update to version 6.0.6 or later.