Mina Mohsen Edwar

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions 7.1.21 and earlier PAN-OS versions 8.0.14 and earlier PAN-OS versions 8.1.5 and earlier **Description** The issue allows an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. This is due to insufficient protection of the web page structure. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For PAN-OS versions 7.1.21 and earlier, update to a version later than 7.1.21 to resolve the issue. For PAN-OS versions 8.0.14 and earlier, update to a version later than 8.0.14 to resolve the issue. For PAN-OS versions 8.1.5 and earlier, update to a version later than 8.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the External Dynamic List configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS versions prior to 8.1.4 **Description** The issue is related to insufficient protection of the web page structure in the GlobalProtect Portal Login page, allowing an unauthenticated attacker to inject arbitrary JavaScript or HTML. This can be exploited by a remote attacker. **Recommendations** For versions prior to 8.1.4, update to version 8.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the GlobalProtect Portal Login page until a patch is available.