Last revised: 04/20/2017
A vulnerability exists in PAN-OS’s GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters. (Ref # PAN-70674 / CVE-2017-7409)
PAN-OS 7.0.14 and earlier
PAN-OS 7.0.15 and later
Customers that have not configured GlobalProtect are not affected by this issue.
Palo Alto Networks would like to thank Jarrod Phelps from Uber for reporting this issue to us.