CVE-2013-5664

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions prior to 4.1.13 Palo Alto Networks PAN-OS versions 5.0.x prior to 5.0.6

Description A cross-site scripting issue exists in the web-based device management API browser, allowing remote attackers to inject arbitrary web script or HTML via crafted data. This issue affects the management interface of the device where the API browser is exposed, as data provided by the user is echoed back without sanitization.

Recommendations For versions prior to 4.1.13, update to version 4.1.13 or later. For versions 5.0.x prior to 5.0.6, update to version 5.0.6 or later.