Palo Alto Networks · Pan-Os · CVE-2020-2017
**Name of the Vulnerable Software and Affected Versions**
PAN-OS versions prior to 7.1.26
PAN-OS versions prior to 8.1.13
PAN-OS versions prior to 9.0.6
PAN-OS 8.0 (all versions)
**Description**
A DOM-Based Cross Site Scripting issue exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.
**Recommendations**
For PAN-OS versions prior to 7.1.26, update to version 7.1.26 or later.
For PAN-OS versions prior to 8.1.13, update to version 8.1.13 or later.
For PAN-OS versions prior to 9.0.6, update to version 9.0.6 or later.
For PAN-OS 8.0, consider upgrading to a later version of PAN-OS that is not affected by this issue.