Brandon Freshour

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS versions 6.1.21 and earlier Palo Alto Networks PAN-OS versions 7.1.18 and earlier Palo Alto Networks PAN-OS versions 8.0.11 and earlier **Description** The issue is caused by insufficient protection of the web page structure, allowing an unauthenticated attacker to inject arbitrary JavaScript or HTML. This can be exploited by a remote attacker. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions 6.1.21 and earlier, update to a version later than 6.1.21. For versions 7.1.18 and earlier, update to a version later than 7.1.18. For versions 8.0.11 and earlier, update to a version later than 8.0.11. As a temporary workaround, consider restricting access to the GlobalProtect Gateway to minimize the risk of exploitation.